Two decentralized finance applications were heavily hacked on 16 March 2022 as a result of yet another breach.
The attacker took use of the DeFi loan sites Agave and Hundred Finance, taking a total of $11 million. Investors were taken aback and their cash was drained.
She generates, a crypto investor, and the developer is one among them. She asked to be recognized only by the online pseudonym she employs.
She said she lost approximately $225,000 and that the money is “very much gone forever,” according to Fortune.
“Because I have so much money in Agave and have borrowed so much,” She generates explained, “I monitor the interest rates every day to make sure my position is healthy.”
“When I logged on Tuesday morning, the interest rate was about 100%, and all of the monies placed had been borrowed.” ‘Uh oh, that’s strange,’ I thought.
While we keep running an investigation to what appears to be a re-entrancy attack that affected Agave and @HundredFinance on @gnosischain, a thread to share some lights on what happened. https://t.co/fp5DX5es54
— Agave (@Agave_lending) March 15, 2022
How did it happen?
She generates noticed everyone was talking about the vulnerability after monitoring Agave’s Discord conversation. Agave acknowledged the incident on Twitter, and in the interim, it has suspended smart contracts or code that processes transactions on the blockchain.
According to both, She generates and Agave, Agave was abused by what looks to be a flash loan re-entrance assault. This means that a hacker used his own smart contract to communicate with the network, or protocol, to take advantage of the loan platform.
The hacker appeared to use this arrangement to regularly borrow money from Agave—and, by extension, its lenders—without first putting up any collateral. Users of DeFi lending apps may often borrow bitcoin if they provide collateral or proof that they can repay the loan.
Hundred Finance, a DeFi lending protocol, was targeted immediately after Agave, according to a tweet from the firm on Tuesday. They suspect the hacker was the same.
Once attacker is able to borrow more than their collateral in agave.. its over. They can walk away with all borrowable assets:
— Shegen (@shegenerates) March 15, 2022
Crypto is still in its infancy
Agave is a “fork,” or code clone, of Aave, a well-known DeFi lender. According to DeFi Pulse, an analytics site, Aave is generally trusted in the area, with $9 billion in crypto assets placed in the platform.
Because Agave ran on Aave’s code, Shegenerates was taken aback by the attack, as she considers Aave and its code to be “usually safe.”
She doesn’t hold Agave or Aave responsible, though. Instead, she believes that the danger of investing in space comes with the possibility of such exploitation.
“It appeared to be top-tier safe, but it wasn’t,” she explained.
“I feel particularly awful because I informed so many people about Agave,” she said.
She generates is philosophical about the theft and the risk she took by investing in crypto at all, despite losing “a hefty bag” of $225,000.
Looking back, she feels “very little” could have been done to prevent or foresee the assault.
“Crypto is still the Wild West,” She generates said.
“It’s like putting your money in a bank or local credit union in the days when a bank robber might come in and take from them, shutting down the whole thing.”
“Don’t put all your eggs in one basket, and keep in mind that technical danger is always present.”