On the 18th of October 2023, HopeLend Protocol on the Ethereum chain was attacked. The attack was made possible by a Precision Loss vulnerability. Around $835k was stolen from the exploit.
HopeLend is a decentralized, non-custodial lending protocol. To learn more about them, check out their documentation.
Attacker Address: 0x1F23eb80f0c16758E4A55D48097c343bD20Be56f 0xa8bbb3742f299b183190a9b079f1c0db8924145b, 0x9a9122Ef3C4B33cAe7902EDFCD5F5a486792Bc3A,
Victim Contract: 0xc74b72bbf904bac9fac880303922fc76a69f0bb4
Attack Transaction: 0x1a7ee0a7efc70ed7429edef069a1dd001fbff378748d91f17ab1876dc6d10392
The root cause was the loss of precision loss in Htoken’s contract.
The attacker took the advantage of lack of precision in calculating liquidity index during execution of _handleFlashLoanRepayment
Here is the fund flow during and after the exploit. You can see more details here.
It is worth noting that a Generalized frontrunner 0x9a9122Ef3C4B33cAe7902EDFCD5F5a486792Bc3A was able to frontrun the original transaction by paying a bribe of 263ETH to one of the validatiors managed by Lido
Here is a snippet of the wallet address
The Project acknowledged the hack via their Twitter.
Oct-18-2023 11:48:59 AM +UTC – The malicious transaction took place
Oct-18-2023 11:48:59 AM +UTC – The original transaction was frontrunned.
Get Pure Alpha Straight to Your Inbox. Miss this, and you’re missing out.
Insider Secrets - Delivered Right to You. Subscribe now.