Hundred Finance Hacker Starts Moving $7.4M Stolen Crypto Assets After Year Hiatus

Cybercriminal Makes Moves on Stolen Assets

A cybercriminal responsible for the embezzlement of $7.4 million from Hundred Finance in 2023 has reemerged after a year of inactivity.

On 1 May 2024, the hacker transferred approximately $800,000 worth of Ether and Tether from Curve's decentralised exchange (DEX) after adding liquidity to the platform over a year ago. This signals a potential attempt to launder or utilise the stolen funds.

Following the withdrawal, the hacker exchanged USDT and other cryptocurrencies for ETH, boosting their ETH holdings by over $1 million.

Presently, the hacker maintains assets totaling $4.3 million within the wallet, comprising a diverse range of cryptocurrencies such as Dai, Wrapped Ether, Frax, and Wrapped Bitcoin.

Hacking Hundred Finance: A Flash Loan, Rounding Error, and Smart Contract Exploit

The original hacker leveraged a complex exploit targeting a vulnerability within the Hundred Finance project on the Optimism blockchain.

The hacker manipulated the exchange rate for hWBTC (wrapped Bitcoin) by making a large, temporary donation of 200 WBTC (worth millions) through flash loans.

This inflated hWBTC's value artificially, allowing the attacker to drain significant amounts from Hundred Finance's lending pools using minimal hWBTC.

Security firm Peckshield identified a combination of flash loans, a critical rounding error in the smart contract code, and manipulation of the contract itself as key components of this exploit.

Token transactions carried out by the Hundred Finance hacker. (Source: Etherscan)

Echoes of the Poloniex Heist

The recent movement of stolen assets by the Hundred Finance hacker mirrors a similar pattern observed with the Poloniex exchange hacker.

After months of dormancy, the Poloniex attacker transferred 501 BTC (approximately $32 million) across multiple wallets, presumably to obfuscate the origin of the stolen funds.

This highlights the ongoing struggle for cybercriminals to launder stolen cryptocurrency and convert it to fiat currency without leaving a digital trail.

Poloniex Hack: A $120 Million Heist

On 10 November 2023, Poloniex, a cryptocurrency exchange owned by Justin Sun, fell victim to a hack that compromised its hot wallet.

Hackers managed to steal $120 million worth of various cryptocurrencies, including Ethereum, Tron, Bitcoin, XRP, and Shiba Inu. In response, Poloniex suspended withdrawals and assured users that the exchange would cover the losses.

Poloniex launched a full investigation and implemented security measures. This included a comprehensive security audit and a wallet update that would generate new deposit addresses for all users upon service resumption.

Justin Sun, through on-chain messages, directly communicated with the hacker, offering a $10 million white hat bounty for the return of the stolen funds by 25 November 2023. Additionally, Poloniex threatened legal action with the help of authorities from China, Russia, and the United States if the funds weren't returned.

Regulatory Crackdown on Crypto Mixers Makes Laundering More Difficult

The ability to launder stolen crypto is further hindered by intensifying regulatory scrutiny on services traditionally used for this purpose. Crypto mixers, once offering anonymity for transactions, are increasingly under pressure from law enforcement.

Recent examples include the U.S. Department of Justice charging the founders of Samourai Wallet and Tornado Cash with facilitating money laundering activities.

Additionally, the European Parliament voted to ban crypto mixers entirely as part of new anti-money laundering regulations. These actions significantly complicate efforts by cybercriminals to break the traceability chain linking stolen funds back to their crimes.

Decline in Crypto Scams and Hacking in April 2024

Despite the resurgence of the Hundred Finance hacker, there are positive signs emerging within the cryptocurrency space. April 2024 saw a significant decrease in revenue generated from crypto scams and hacking compared to previous periods.

According to blockchain security firm CertiK, these incidents dropped a staggering 141% compared to March, reaching a new low of $25.7 million.

Breaking down the losses, most stemmed from exploits targeting blockchain protocols, totaling $21 million. Malicious actors were also responsible for exit scams and rug pulls, causing users to lose $4.3 million. Flash loan attacks caused minimal damage, contributing only $129,000.

This positive trend is attributed to a combination of factors, including increased regulatory activity, improved security practices within the crypto industry, and heightened user awareness regarding potential scams.

However, the rise of ransomware and darknet market activities suggests a shift in criminal tactics, highlighting the need for continued vigilance.

The Evolving Landscape of Cryptocurrency Crime

The recent activity by the Hundred Finance hacker serves as a reminder of the ongoing challenges in securing cryptocurrency platforms and preventing financial crime.

However, the decline in overall crypto scams and hacking offers a glimmer of hope.

As regulations strengthen, security practices improve, and user awareness grows, the cryptocurrency ecosystem may become less susceptible to criminal activity.

Nevertheless, the rise of alternative avenues for illicit gains, such as ransomware, necessitates ongoing efforts to stay ahead of evolving criminal tactics.