Cyber Incident Victim: Agave and Hundred Finance

On or around March 14, 2022, decentralized finance protocols Agave and Hundred Finance suffered a combined exploit resulting in approximately $11 million in losses. The attack occurred on Gnosis Chain, a blockchain platform specializing in stable payments. The perpetrator manipulated a vulnerability within a wrapped Ether (WETH) contract function, enabling a recursive borrowing mechanism that allowed repeated borrowing against the same collateral deposit. This flaw permitted the unauthorized withdrawal of multiple cryptocurrency assets from both protocols’ liquidity pools. The stolen funds comprised wrapped Bitcoin (WBTC), wrapped Ether (WETH), Chainlink’s LINK token, and the USD Coin (USDC) stablecoin. Both protocols responded by immediately suspending all operations on their platforms to contain further damage and initiate forensic investigations. The incident represented one of several significant DeFi exploits occurring during this period, highlighting systemic risks in collateralized lending mechanisms.

The attack’s financial impact centered on the direct loss of user funds across multiple asset classes, though specific breakdowns of losses per protocol were not publicly disclosed. Blockchain transaction analysis confirmed the attacker’s method involved iterative collateral reuse, bypassing standard borrowing limits. No evidence suggested compromise of user private keys or external wallet breaches. Following the exploit, Agave and Hundred Finance teams coordinated to analyze the vulnerability while maintaining protocol suspensions. The incident underscored operational risks in cross-asset lending pools and wrapped asset implementations. Neither platform announced recovery plans or reimbursement timelines in the immediate aftermath. The $11 million loss ranked among the larger DeFi security incidents during early 2022, occurring alongside broader market volatility and regulatory scrutiny of cryptocurrency systems.