DeFi Lending Protocol Agave's AGVE Plunges Over 20% Amid Exploit Investigation
Hundred Finance, another lending protocol on the Gnosis chain, was also exploited in an apparent “re-entrancy” attack, according to a blockchain security researcher.
Mar 15, 2022 at 7:26 p.m. UTCUpdated May 11, 2023 at 5:57 p.m. UTC
:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/S33VQ252JFAYTGTDLH4W2L77UM.jpeg)
AGVE, the token of non-custodial money market and lending protocol Agave, plunged over 20% on Tuesday after the company said it’s looking into an exploit.
- “Agave is currently investigating an exploit on the agave finance protocol. We will update you as soon as we know more,” the DAO said in a tweet on Tuesday afternoon. “Contracts have been paused until we figure out how to resolve the situation."
- Hundred Finance, like Agave a multi-chain lending protocol on the Gnosis chain, was also attacked, according to a tweet from the platform. “Unfortunately Hundred and Agave have both been exploited on Gnosis chain today,” Hundred wrote. “Gnosis team is aware, investigation is ongoing. All the Hundred markets on all chains paused for now.”
- Hundred Finance’s token, HND, was modestly lower in Tuesday action.
- According to blockchain security researcher Mudit Gupta, the attack vector in both cases was a “re-entrancy attack”
- That’s made possible because “the official bridged tokens on Gnosis are non-standard and have a hook that calls the token receiver on every transfer,” Gupta wrote. According to Gupta, the attackers were able borrow back more than the collateral they were depositing, and continually repeat the process by repeatedly re-entering the system.
:format(webp)/downloads.coindesk.com/arc/failsafe/user/1x1.png)
Michael Bellusci is CoinDesk's crypto reporter focused on public companies and digital asset firms.