Cryptheory: Crypto and Internet

cryptocurrency, internet and AI meaning, guides, learning

Two more DeFi protocols are hacked for over $11 million

2 min read


On the same day as the DeFi Deus Finance protocol hacking attack, two other decentralized finance (DeFi) platforms were targeted by attackers.

The Agave and Hundred Finance protocols were exploited in a new “reentry” attack case. The breach resulted in the loss of approximately $11 million. 

The stolen cryptocurrencies were: Wrapped ETH, Wrapped BTC, Chainlink, USDC, Gnosis and Wrapped XDAI in both protocols.

The Hundred Finance team, fork of the Compound protocol, confirmed the attacks on their Twitter account on Tuesday:


The Agave team – a fork of the DeFi Aave lending platform – also informed the community via Twitter:

“Agave is currently investigating an exploit in the Agave financial protocol. We will update you as soon as we know more.” tweeted. “Contracts have been put on hold until we figure out how to resolve the situation.”

Hack details

According to Tenderly data, in both cases the hacker exploited a re-entry bug, which is a vulnerability in the programming language.

This flaw allows a malicious entity to breach a protocol’s smart contract to make an external call to an untrusted contract to drain your funds.

In other words, the vulnerability allows the attacker to continue lending cryptocurrencies before applications can calculate debt and prevent further borrowing.

The address associated with the attacker sent over 2,100 ETH, worth over $5.5 million, to a crypto asset mixer to launder the stolen tokens.

As mentioned, the attacks in question mark three exploits practically in a row on the same day. Deus Finance protocol lost more than $3 million worth of Dai (DAI) and Ether (ETH) in the attack.

Crypto exchanges with the lowest fees

All content in this article is for informational purposes only and in no way serves as investment advice. Investing in cryptocurrencies, commodities and stocks is very risky and can lead to capital losses.

Leave a Reply

Your email address will not be published. Required fields are marked *