Multichain lending protocol Hundred Finance took to Twitter to inform users that it has experienced a significant security breach on the Ethereum layer-2 blockchain Optimism, losing $7.4 million in the process.

The exploit on April 15 was a flash loan attack, according to blockchain security firm CertiK. Flash loan attacks involve a hacker borrowing a large amount of funds via uncollateralized loan from a lending protocol, which are then used to illicitly manipulate the price of a certain asset on a decentralized finance (DeFi) platform.

In the case of Hundred Finance, the hacker manipulated the exchange rate between hTOKENS and ERC-20 tokens, which enabled them to withdraw more tokens that initially deposited, as highlighted by CertiK, which also said:

“The exchange rate formula was manipulated through Cash value. Cash is the amount of WBTC that the hBTC contract has. The attacker manipulated it by donating large amounts of WBTC to the hToken contract so that the exchange rate goes up.”

This has flagged concerns regarding the security measures implemented by Hundred Finance, as it marked yet another security breach on Hundred nearly 1 year ago on the Gnosis Chain.

Sources:

https://cointelegraph.com/news/hundred-finance-loses-7-million-in-optimism-hack

https://beincrypto.com/hundred-finance-hacked-for-7m/

https://cryptoslate.com/hundred-finance-hacked-on-optimism-suffers-7-million-loss/

https://twitter.com/HundredFinance/status/1647290085476384768

https://twitter.com/CertiKAlert/status/1647257746503352321