Yesterday, multi-chain lending protocol Hundred Finance, desperate for information about the recent exploit, decided to offer a $500,000 reward to anyone who can help its team with the investigation.
"48h passed since we sent an on-chain message to the hacker and tried to start negotiations with him. Today we are launching a $500,000 reward in the hope that this provides additional incentive for info that leads to the Hundred attacker and the return of all funds," the team behind the protocol wrote on Twitter.
Hundred Finance first reported the hack on Twitter on April 15. On that day, the team attempted to contact the hacker to negotiate ways to return the loot. The estimated losses at the time were about $7.4 million. However, according to an analysis by Web3 developer Arhat, the actual amount of stolen funds exceeded $11 million on April 16.
According to Arhat, the attacker took advantage of a vulnerability affecting Hundred Finance's hWBTC token on the Optimism network, which allowed them to manipulate the token's price and inflate it relative to other assets. The inflated token was then used as collateral to borrow other cryptocurrencies such as USDC, ETH, and DAI. Because hWBTC's value was manipulated, the hacker could borrow far more than that amount of collateral would normally allow.
Arhat explained in the tweet that this type of exploit is known as a reentrancy attack. According to the developer, it works by "allowing the hacker to call the same function multiple times before the state of the contract is updated and thus borrows more funds than their collateral."
"The hacker donated 200 WBTC to Hundred Finance, which gave them 200 hWBTC in return, then they deposited 500 WBTC, which increased the price of hWBTC by 250 times, then used hWBTC as collateral to borrow funds from other markets," Arhat explained in the tweet.
The developer also named the factors that made the attack possible. The reentrancy vulnerability affecting the hWBTC market on Optimism is the main reason the hack could happen, but the lack of price oracles for Hundred Finance's token and its low liquidity also made the exploit easier to carry out.
Price oracles help prevent heavy price manipulation of tokens that otherwise depend on external exchange rates, while a token's low liquidity works in the attacker's favour: relatively small deposits are enough to inflate its price significantly.
"These reasons combined allowed the attacker to create a massive discrepancy between the value of their collateral and their debt, and drain the funds from other markets," Arhat summarized in the tweet, adding that ensuring the contract's records are updated before the transaction is executed, as well as fixing the reentrancy vulnerability, can help prevent such exploits.
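As an added illustration that is not Hundred Finance's code, the pattern Arhat's recommendation points at: a hypothetical, simplified lending market whose borrow() records the debt only after the outgoing transfer, beside the hardened form that records it first and blocks nested calls. Contract and function names and the 75% borrow limit are assumptions made for the example.

```solidity
// Added illustration only: a hypothetical, simplified lending market, not Hundred
// Finance's contracts. Collateral and debt are counted in units of the underlying
// token, so no oracle is needed for the demonstration.
pragma solidity ^0.8.0;
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

abstract contract MarketBase {
    IERC20 public immutable underlying;
    uint256 public constant LTV_PERCENT = 75; // max debt as a percentage of collateral
    mapping(address => uint256) public collateral;
    mapping(address => uint256) public borrowBalance;
    constructor(IERC20 token) { underlying = token; }
    function deposit(uint256 amount) external {
        require(underlying.transferFrom(msg.sender, address(this), amount), "pull failed");
        collateral[msg.sender] += amount;
    }
    // Solvency check reads borrowBalance, so it is only meaningful if that record is current.
    function _withinLimit(address who, uint256 extra) internal view returns (bool) {
        return (borrowBalance[who] + extra) * 100 <= collateral[who] * LTV_PERCENT;
    }
}

// Flawed ordering: the outgoing transfer (an external call) runs before the debt
// is recorded. If the token hands control to the receiver during transfer (tokens
// with transfer hooks do), a nested borrow() is checked against stale, too-small debt.
contract VulnerableMarket is MarketBase {
    constructor(IERC20 t) MarketBase(t) {}
    function borrow(uint256 amount) external {
        require(_withinLimit(msg.sender, amount), "exceeds limit");
        require(underlying.transfer(msg.sender, amount), "transfer failed"); // interaction
        borrowBalance[msg.sender] += amount;                                  // effect, too late
    }
}

// Hardened: write the debt record before any external call (checks-effects-
// interactions) and refuse nested calls outright with a reentrancy lock.
contract HardenedMarket is MarketBase {
    bool private locked;
    modifier nonReentrant() { require(!locked, "reentrant call"); locked = true; _; locked = false; }
    constructor(IERC20 t) MarketBase(t) {}
    function borrow(uint256 amount) external nonReentrant {
        require(_withinLimit(msg.sender, amount), "exceeds limit");
        borrowBalance[msg.sender] += amount;                                  // effect first
        require(underlying.transfer(msg.sender, amount), "transfer failed"); // interaction last
    }
}
```

The two borrow() bodies differ only in ordering and the lock; the hardened version is the one to look for when reviewing a market's borrow, redeem and liquidate paths.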
Although tweets from the cybersecurity firm HypernativeLabs stated that the suspicious activity, including two unusual transactions, was captured in real time and that the Hundred Finance team was notified shortly after the hack was detected, some Twitter users noticed a time gap between HypernativeLabs' initial post about the exploit and the lending protocol's first announcement of the attack.
"Had Hundred Finance been a HypernativeLabs user, they would have had a one-hour notice on the exploit," Twitter user John Fiorelli said.
However, other Twitter users believe Hundred Finance would have paid them for this information if HypernativeLabs had reported the vulnerability earlier.