Cryptocurrency DeFi protocol Hundred Finance recently sustained a devastating security breach on the Ethereum layer-2 scaling solution, Optimism. According to their announcement on April 15, the losses incurred amount to over $7 million. This attack comes almost a year after Hundred’s previous exploit on the Gnosis Chain, which saw them lose $6 million and fueled yet another debate: should cryptocurrency projects ever negotiate with hackers?
Hundred Finance’s Security Breach: Multichain Lending, hTOKENS, and U.S. Victims
Hundred Finance’s Tweet confirming the attack on April 15th was the prelude to a much larger security breach, one that affected their multichain lending platform and their token, HND, on Optimism. This protocol aims to seamlessly lend customers multiple cryptocurrencies and tokens on different blockchain networks.
Another Tweet from the protocol asked U.S.-based victims of the attack in the state of New York to reach out to Hundred Finance on either Twitter or Discord. Blockchain security company CertiK broke down the attack on Twitter, which saw the hacker take advantage of an exchange rate manipulation between Ethereum ERC-20 tokens and hTOKENS. By donating a large amount of wrapped Bitcoin to the protocol’s htoken contract, the hacker was able to inflate the exchange rate enabling them to withdrawal much more than they had deposited.
Hacking Losses: DeFi Risks and Negotiation Debate
Estimates of the total loss to Hundred are around $7.4 million worth of digital assets, including 1,000 Ethereum, around 1.2 million of the stablecoin USDC, roughly 1.1 million of the stablecoin Tethern, and nearly 843,000 of the stablecoin DAI, according to Numen Cyber. This hack highlights the risks of investing in DeFi projects and adds to the list of losses from hacks that have occurred in 2023, including those of Euler Finance and AllBridge, amongst many others.
This situation has sparked a debate within the cryptocurrency community on whether protocols should negotiate with hackers in order to attempt to recover funds. Some have argued against ever entering negotiations due to possible legal repercussions and a fear of setting a precedent within the industry. This fear derived from wanting to send a message to hackers that their actions will not be tolerated and dealt with through legal means.
Negotiating with Hackers: Recover Funds and Time
On the other hand, there are those who deem negotiation to be an effective way of dealing with a hacker. One advantage of engaging in talks with a hacker is that it increases the likelihood of recovering some of the funds and provides more time to formulate a response to the attack. After all, depending on the project, negotiation could potentially lead to a partial or even full recovery of lost funds.
Hundred Finance’s protocol team is actively in pursuit of the hacker, trying to establish a dialogue. On Sunday, the team requested anyone in the United States who could help with information to reach out. Additionally, Hundred Finance is in touch with security teams in hopes of hopefully gaining more information and insight into this particular attack.
Negotiating Attacker or Law Enforcement?
At this moment, it is yet unknown if Hundred Finance will decide to negotiate with the attacker or leave it to law enforcement to take the wheel, yet we can be sure that a decision will be made soon and all measures will be taken into account. What is clear from this attack, is that protocols need to step up their security measures in order to protect users and avoid similar disasters in the future. As of now, we’ll have to wait and see how this particular attack unfolds and whether negotiations will lead to any recovered funds.
Disclaimer: Cryptocurrency trading involves significant risks and may result in the loss of your capital. You should carefully consider whether trading cryptocurrencies is right for you in light of your financial condition and ability to bear financial risks. Cryptocurrency prices are highly volatile and can fluctuate widely in a short period of time. As such, trading cryptocurrencies may not be suitable for everyone. Additionally, storing cryptocurrencies on a centralized exchange carries inherent risks, including the potential for loss due to hacking, exchange collapse, or other security breaches. We strongly advise that you seek independent professional advice before engaging in any cryptocurrency trading activities and carefully consider the security measures in place when choosing or storing your cryptocurrencies on a cryptocurrency exchange.