AGVE, the token of non-custodial money market and lending protocol Agave, plunged over 20% on Tuesday after the company said it’s looking into an exploit.
- “Agave is currently investigating an exploit on the agave finance protocol. We will update you as soon as we know more,” the DAO said in a tweet on Tuesday afternoon. “Contracts have been paused until we figure out how to resolve the situation."
- Hundred Finance, like Agave a multi-chain lending protocol on the Gnosis chain, was also attacked, according to a tweet from the platform. “Unfortunately Hundred and Agave have both been exploited on Gnosis chain today,” Hundred wrote. “Gnosis team is aware, investigation is ongoing. All the Hundred markets on all chains paused for now.”
- Hundred Finance’s token, HND, was modestly lower in Tuesday action.
- According to blockchain security researcher Mudit Gupta, the attack vector in both cases was a “re-entrancy attack”
- That’s made possible because “the official bridged tokens on Gnosis are non-standard and have a hook that calls the token receiver on every transfer,” Gupta wrote. According to Gupta, the attackers were able borrow back more than the collateral they were depositing, and continually repeat the process by repeatedly re-entering the system.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.