In an unfortunate event on October 18, the Ethereum decentralized finance (DeFi) protocol, Hope Lend, witnessed a depletion of its resources, amounting to 526 Ether in total value locked. The severity of the situation unfolded as two individuals, one being a frontrunner who discovered the exploit and outpaced the original hacker, executed an attack. This resulted in the theft of 526 Ether, valued at $825,357 during the time of this statement, as reported by various blockchain security firms.
CertiK revealed that the successful attacker managed to acquire 264 ETH and further paid a 263 ETH bribe to an Ethereum validator. This incident raised concerns about the security and integrity of the protocol. Meanwhile, Hope.money, the developer of the DeFi protocol, presented a contrasting narrative. According to their account in a dedicated communication thread, they asserted that a lone hacker absconded with 526 ETH, which belonged to users. Allegedly, the hacker paid 263.91 ETH in bribes to a validator purportedly under the management of Lido Finance, ultimately profiting by 264.08 ETH. Hope.money emphasized the independence of all protocols deployed on http://Hope.money, reassuring users that this incident would not impact other live products and protocols on the platform, including HopeCard, HopeSwap, and $HOPE. They expressed commitment to safeguarding the rights of affected users and ensuring the security of corresponding funds.
Days before this incident unfolded, DeFi aggregator DefiLlama had announced its intent to monitor Hope Lend’s smart contracts for data curation. Unfortunately, at the time of this statement, Hope Lend no longer held noticeable assets within its protocol. While the developers did not specify the cause of the incident, on-chain investigator Spreek suggested a possible connection to WBTC (wrapped Bitcoin) decimals and rounding, resembling the Wise Lending hack that occurred recently. The aftermath of this security breach raises questions about the vulnerability of decentralized financial protocols and the ongoing efforts to secure users’ assets.