DeFi Protocol Downturn: The Hope Lend Incident
Ethereum's decentralized finance (DeFi) landscape has been marred by a concerning incident, as the Hope Lend protocol now grapples with a severe depletion of its assets following a distressing security breach. This breach, which transpired on October 18th, has been meticulously documented by several esteemed blockchain security firms. What's particularly intriguing is the dual involvement of two distinct individuals in this unfortunate scenario – a front-runner who astutely uncovered the vulnerability, subsequently outsmarting the original hacker. Together, they managed to pilfer a substantial sum, precisely 526 Ether (ETH). At the time of this report, the market value of this digital currency stood at an astonishing $1,554 per unit, translating to a staggering loss of $825,357.
As we delve deeper into the intricacies of this incident, we discover that the successful attacker secured a considerable 264 ETH, while simultaneously disbursing a rather substantial 263 ETH bribe to an Ethereum validator. These riveting details were thoughtfully documented by CertiK, a reputable entity in the realm of blockchain security.
However, to provide a more comprehensive understanding of the situation, Hope.money, the esteemed developer behind the DeFi protocol, has shared a version of the story that slightly differs from the earlier narrative. In their account, they posit that a solitary hacker was the sole culprit responsible for making off with a hefty haul, amounting to 526 ETH – effectively depleting the users' funds. To facilitate this escapade, the hacker reportedly parted with 263.91 ETH as a bribe, which was allegedly intended for a validator overseen by Lido Finance. This calculated move resulted in the hacker walking away with a profit totaling 264.08 ETH.
In the midst of this unsettling turmoil, Hope.money is keen to emphasize that all protocols deployed on their platform, accessible via http://Hope.money, operate independently. Importantly, these independent protocols do not exert any influence on the various other products and protocols concurrently in operation on the platform. This includes the likes of HopeCard, HopeSwap, and $HOPE, which remain unaffected by this unfortunate event. The developer pledges unwavering commitment to safeguarding the rights of the affected users and maintaining the security of their respective funds.
Additionally, it's noteworthy that prior to this incident, the DeFi aggregator DefiLlama had announced its intention to undertake diligent tracking of Hope Lend's smart contracts for data curation. However, at the time of the latest report, the once-flourishing Hope Lend protocol had seen a near complete depletion of its assets, leaving observers and stakeholders in suspense. Regrettably, the developers have not explicitly disclosed the root causes of this security breach. Nonetheless, the eagle-eyed blockchain analysts, led by the diligent Spreek, have drawn a tentative link to issues related to WBTC (wrapped Bitcoin) decimals and rounding, mirroring a disconcerting trend observed in the recent Wise Lending hack.
On October 18, 2023, at 11:48:59 AM +UTC, the HopeLend protocol fell victim to a hacker attack. It is important to note that the hacker did not profit from this attack.— Hope.money⚡️ (@Hope_money_) October 18, 2023
The attack resulted in a loss of approximately 528 ETH, out of which 263.91 ETH were bribed by the frontrunner…