Protocols Breached, Agave and Hundred Call Off Market as they Investigate $11M Exploit

A hacker has stolen roughly $11 million worth of wrapped Bitcoin, wrapped Etherium, wrapped XDAI, Chainlink, USD Coin, and Gnosis after carrying out a re-entrancy attack on Agave and Hundred, a decentralized finance and lending protocol platform.

The attack occurs barely 24 hours after a similar attack of hackers stealing more than $3 million worth of DAI and Ethereum from the same lending protocol’s platform while using the Deus Finance virus.

As reported by CoinGecko’s data, Agave’s token, AGVE, dropped in value by up to 20% as a resultant effect of the attack, while Hundred’s token lost up to 3.5% of its value on the announcement of the cyber theft. Nevertheless, Hundred (HND) was able to recover swiftly, and it has now got to a 24-hour high.

Token Laundry Attempts of Stolen Assets

A Twitter user who is simply known as @shegenerates (Shegen) and who does solidity development, and at the same time, being the inventor of a liquidity protocol application for NFTs. She recently tweeted that she had lost $250,000 in the hackers’ attacks.

Shegen’s research showed that the cyber attack was conducted by taking advantage of a wETH contract operation on Gnosis Chain. This gave way for the hackers to keep borrowing crypto assets far before the applications were able to keep up and calculate the amounts borrowed and go to block more borrowing.

As per an on-chain investigation, it revealed that the hacker’s crypto address deposited more than 2,100 ETH with a value of over $5.5 million into a crypto mixer while it attempted to carry out a laundry of the stolen assets.

Agave announced via its Twitter page earlier in the week that it is continuously researching to improve the Agave financial protocol and how to block future exploits. The platform further stated that contracts are suspended till the issue has been properly handled. It promised to keep all users and those who have been affected by the hack updated with every progress made.

Hundred equally announced that it was also attacked and robbed on the Gnosis network and has put a hold on its market operations while an investigation is ongoing.

The Difference Between Agave and Aave

The strategy of the hack and theft was that the hacker kept using single collateral to borrow on the network till all assets were stolen away from the network.

Whereas the corresponding smart contract Agave uses is physically the same as what is on Aave, which handles $18.4 billion, Shegen said to Cointelegraph that all security and asset researchers had run an audit of it. She said it is thus a reasonable thing to raise questions about how secure the contract actually is.

In the words of Mudit Gupta, he said that the main difference between Aave and Agave would be that Aave is active in checking for re-entrance before it puts any token on the main net in order to stem such attacks.     

Leave a Reply

Your email address will not be published. Required fields are marked *