Agave and Hundred Finance have suspended operations while the investigation on the exploit continues.
After executing a “re-entrancy” assault on the decentralized finance (Defi) lending protocol applications Agave and Hundred Finance, a hacker stole about $11 million in wrapped BTC (BTC), wrapped ETH (wETH), Chainlink (LINK), wrapped XDAI (wxDAI), USD Coin (USDC)and Gnosis (GNO).
The incident comes just 24 hours after hackers stole over $3 million in Dai (DAI) and Ether (ETH) from the lending contract platform using the Deus Finance malware.
According to CoinGecko data, the value of the agave token AGVE fell by 20% as a result of the hack. HND, the Hundred Finances token, plummeted 3.5 percent after the exploit was revealed. However, it has now recovered and reached a 24-hour high.
Attempt to launder the stolen tokens
Shegen (@shegenerates), a Solidity developer and inventor of an NFT liquidity protocol application, tweeted that she lost $225,000 in the exploit.
Her research indicated that the assault was carried out by abusing a wETH contract function on Gnosis Chain, allowing the attacker to continue borrowing crypto before the apps could calculate the debt and block additional borrowing.
According to on-chain research, the attacker’s address delivered over 2,100 ETH, valued more than $5.5 million, to a crypto mixer in an attempt to launder the stolen tokens.
“Agave is actively researching an agave finance protocol exploits,” Agave tweeted on Tuesday, Contracts have been suspended until the matter is handled, “We will keep you updated as soon as we learn more.”.
The Hundred Finance team also tweeted that it had been exploited on the Gnosis network and that it had suspended its markets while investigating.
The distinction between Aave and Agave- which is better
This exploit was used by the attacker, who kept borrowing against the same collateral they were posting until the funds were drained from the protocols.
While the smart contract on Agave is virtually the same as the one on Aave, which secures $18.4B, “every security researcher has audited it,” Shegen told Cointelegraph. “As a result, it’s reasonable to talk about how secure contract is.”
According to Mudit Gupta, a blockchain security researcher, the distinction between Aave and Agave is that “Aave actively checks for re-entrancy before putting tokens on the mainnet to avoid similar attacks.”
Shegen also refused to criticize Gnosis for producing tokens with a callback function that the hacker exploited, claiming that the feature prevents users from losing their crypto by accident.
ALSO READ: Inbound liquidity with Bitcoin banks’ fee structures
Source: https://www.thecoinrepublic.com/2022/03/18/protocols-exploited-hundred-and-agave-suspended-market-while-investigating-exploit-of-11m/