Hackers have used “reentrancy” attacks against the DeFi lending protocol applications Agave and Hundred Finance, making off with approximately $11 million in wrapped ETH, wrapped BTC, Chainlink, USDC, Gnosis, and wrapped XDAI.
The attack came within 24 hours of news breaking of the Deus Finance exploit, in which hackers stole more than $3 million in DAI and Ethereum from the lending platform.
According to data from CoinGecko, Agave’s token, AGVE, fell 20% after the attack. Hundred Finance’s token, HND, fell 3.5% after the exploit was announced, but then recovered and reached a 24-hour high.
“Agave is currently investigating exploits in the Agave Finance Protocol,” Agave tweeted at 1:30 pm (UTC) on Tuesday the 15th. “I’ll let you know when the details are available.” It noted that the contract has been suspended until the situation is resolved.
The Hundred Finance team tweeted that it had been exploited on Gnosis Chain and had suspended its markets while conducting investigations.
According to on-chain analysis, the address associated with the attacker sent over 2,100 ETH (equivalent to over $5.5 million) to a crypto mixer in an attempt to launder the stolen tokens.
Shegen (@shegenerates), a Solidity developer and the creator of an NFT liquidity protocol app, tweeted that she lost $225,000 in the exploit and that, according to her research, the attack worked by exploiting a feature of the wETH contract on Gnosis Chain. The feature allowed the attacker to continue to borrow crypto before the app calculated their debt, a calculation that would have prevented further borrowing.
The attacker ran this exploit and continued to borrow against the same posted collateral until the protocol was drained.
Shegen told Cointelegraph that Agave’s smart contracts are basically the same as those of Aave, which secures $18.4 billion. Being “audited by all security researchers,” “it’s reasonable to assume that the contract is secure,” but it’s a target.
“I think this hack stands out more than some big hacks,” Shegen said. Even though it is a smaller hack than others that stole millions, it is similar to Aave. “It looks like top-notch safety, but it wasn’t. And that collapse of trust hurts.”
“It’s like you can’t even trust ‘safe’ code.”
Blockchain security researcher Mudit Gupta said the difference between Aave and Agave is that “Aave actively checks for re-entry potential before listing tokens on the mainnet to avoid similar attacks.”
Shegen said she did not blame the Agave developers for failing to prevent the attack.
“Agave was used in an unsafe way,” she said. “Perhaps the developer shouldn’t have allowed tokens containing callbacks to be used on the platform, or should have added reentry guards.”
“For example, Curve wasn’t hacked today because of the addition of a re-entry guard, but it’s very unlikely that this will happen, and it slipped past so many people, so there is no blame for Luigy and the Agave team.”
Shegen also does not hold Gnosis responsible for creating tokens with the callback functions that the hackers abused. She states that this feature prevents users from accidentally losing their crypto.
“This is actually a great feature of Bridge Tokens. In my opinion, this is a really unfortunate situation.”
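The mechanism Shegen describes (a token transfer that calls the receiver back before the debt is recorded) and the reentry guard she mentions can be modelled in a few lines. This is an added Python sketch, not code from Agave, Hundred Finance or Gnosis; the class, function and user names are hypothetical, and it assumes one unit of collateral backs one unit of debt.

```python
class ReentrancyError(Exception):
    """Raised when borrow() is entered while another borrow is still running."""

class LendingPool:
    # Toy model, constructed for illustration: 1 unit of collateral backs 1 unit of debt.
    def __init__(self, liquidity, guarded):
        self.liquidity, self.guarded, self.locked = liquidity, guarded, False
        self.collateral, self.debt = {}, {}

    def deposit(self, user, amount):
        self.collateral[user] = self.collateral.get(user, 0) + amount

    def borrow(self, user, amount, on_receive):
        if self.guarded and self.locked:
            raise ReentrancyError("borrow() re-entered")   # the reentry guard
        self.locked = True
        try:
            # Check: recorded debt plus this loan must be covered by collateral.
            if self.debt.get(user, 0) + amount > self.collateral.get(user, 0):
                raise ValueError("insufficient collateral")
            self.liquidity -= amount        # tokens leave the pool ...
            on_receive(self, user, amount)  # ... and the token calls the receiver back
            # Debt is recorded only after the callback has returned.
            self.debt[user] = self.debt.get(user, 0) + amount
        finally:
            self.locked = False

def simulate(guarded, liquidity=1000, collateral=100):
    """Return (amount lent out, collateral posted) after one borrow transaction."""
    pool = LendingPool(liquidity, guarded)
    pool.deposit("borrower", collateral)

    def receiver(p, user, amount):
        # Receiver hook that requests another loan while the first is unfinished.
        if p.liquidity >= amount:
            p.borrow(user, amount, receiver)

    try:
        pool.borrow("borrower", collateral, receiver)
    except ReentrancyError:
        # On-chain, an uncaught revert in the nested call rolls back the transaction.
        pool.liquidity, pool.debt = liquidity, {}
    return liquidity - pool.liquidity, pool.collateral["borrower"]

if __name__ == "__main__":
    print("unguarded:", simulate(guarded=False))
    print("guarded:  ", simulate(guarded=True))
```

Without the guard, every nested call passes the collateral check because no debt has been written yet, so the pool lends out all of its liquidity against a single deposit. With the guard, the first nested call fails and nothing is lent.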