The enigmatic figure known in the cryptocurrency world as the “Hundred Finance hacker” has reemerged from the shadows, setting in motion a series of transactions that have reignited concerns within the digital asset community. This individual, infamous for orchestrating a high-profile crypto theft amounting to a staggering $7.4 million, resurfaced on May 1st after a prolonged period of dormancy, signaling a potentially ominous development in the realm of cybersecurity and digital finance.
The resumption of activity by this elusive hacker has sent shockwaves through the industry, as stakeholders brace themselves for potential repercussions. At the heart of this resurgence lies the initiation of cryptocurrency transfers from Curve’s decentralized exchange, a platform recognized for its prominence within the decentralized finance (DeFi) ecosystem. This strategic move by the Hundred Finance hacker underscores the sophistication of their operations and raises critical questions regarding the security measures implemented by decentralized platforms to safeguard user funds.
Delving deeper into the specifics of this resurgence, analysis of Etherscan data has shed light on the hacker’s past exploits. Approximately one year ago, the Hundred Finance hacker executed a calculated maneuver, withdrawing a substantial sum of Ethereum (ETH) and Tether (USDT) tokens valued at approximately $800,000. These tokens, previously deployed as liquidity on Curve, served as a crucial component in the platform’s operational framework, facilitating seamless transactions and liquidity provision within the DeFi ecosystem.
The revelation of these past transactions not only offers insights into the modus operandi of the Hundred Finance hacker but also serves as a stark reminder of the persistent challenges confronting the burgeoning DeFi landscape. The unauthorized withdrawal of funds from Curve’s decentralized exchange underscores the vulnerabilities inherent in decentralized platforms, highlighting the urgent need for enhanced security protocols and risk mitigation strategies to fortify the integrity of digital asset ecosystems.
As the digital asset community grapples with the ramifications of this latest development, stakeholders are urged to remain vigilant and proactive in addressing emerging cybersecurity threats. The resurfacing of the Hundred Finance hacker serves as a poignant reminder of the ever-present risks facing the cryptocurrency space and underscores the imperative for collective action to safeguard the integrity and resilience of decentralized financial infrastructure.
The Hundred Finance hacker has netted a $1 million profit.
After withdrawing the funds, the perpetrator proceeded to convert the USDT along with smaller sums of altcoins such as PAXG and DAI into Ethereum. As a result of these transactions, the hacker’s Ether holdings swelled by more than $1 million.
Consequently, the hacker’s crypto asset portfolio has reached a value of $6.48 million, comprising $4.39 million in Ether, $1.24 million in DAI, $426,000 in Wrapped Ether, $412,000 in FRAX, and various smaller denominations of Wrapped Bitcoin.
Hundred Finance hacker holds $6.48M worth of crypto assets.
In 2023, Hundred Finance, a project operating on the Optimism blockchain, fell victim to a security breach resulting in the loss of $7.4 million in assets. According to PeckShield, a prominent on-chain security firm, the perpetrator manipulated the exchange rate for hWBTC by contributing 200 WBTC, subsequently exploiting Hundred Finance’s lending pools with a minimal quantity of hWBTC. The exploit was analyzed as a combination of flash loans, a critical rounding error, and manipulation of smart contracts.
The recent movement of funds stemming from the Hundred Finance attack bears a striking resemblance to another recent incident. Earlier this week, CryptoNews disclosed that the individual responsible for the Poloniex security breach had initiated transfers of the pilfered funds following a prolonged period of inactivity.
In that 2023 breach, the hacker absconded with assets valued at $33 million from the exchange. Merely days ago, they transferred 501 BTC, equivalent to approximately $32 million, across three newly created wallet addresses in an attempt to obfuscate the origins of the illicitly acquired assets.
Increased scrutiny on crypto mixers intensifies the squeeze on cybercriminals.
The prospects for the Hundred Finance hacker to successfully obscure the origin of the pilfered assets or convert them into fiat currency without leaving a discernible trail appear increasingly daunting, according to numerous analysts.
Achieving either objective hinges on the ability of the perpetrator to sever the traceability chain connecting the funds to the compromised wallet before liquidating them—a formidable task, to say the least. Traditionally, cryptocurrency mixer services like Samourai Wallet or Tornado Cash, which facilitated the initial exploit, would have presented an enticing avenue for laundering the illicitly obtained funds. However, the landscape has shifted dramatically, with US regulators now intensifying their scrutiny and enforcement efforts, rendering these once-convenient options untenable for criminals.
The recent arrest and indictment of the creators of Samourai Wallet by the US Department of Justice (DOJ) underscore the gravity of the situation. The charges leveled against them, which include allegations of laundering $100 million from an illicit market and aiding criminals in laundering a staggering $1.7 billion, serve as a stark warning to those operating in the cryptocurrency space. This high-profile enforcement action not only dismantles one of the primary tools utilized by cybercriminals but also sends a clear message that regulatory authorities are prepared to hold individuals accountable for their involvement in facilitating illicit activities within the digital asset ecosystem.
Today, the #FBI, IRS, and partners arrested the founders of the Samourai Wallet cryptocurrency service, which allowed criminals to launder over $1.7B in funds. Read more about FBI Cyber's continuing mission to shut down fraudulent crypto services. https://t.co/zUBgiSLhjP
— FBI (@FBI) April 24, 2024
Following this development, Tornado Cash’s co-founders, Roman Storm and Roman Semenov, have been formally accused of facilitating over $1 billion in money laundering activities via their platform.
🇪🇺 Update: As expected (see tweet #18 of the thread below), the EU Parliament plenary passed the new AML package, including the AML Regulation with 479 votes in favour, 61 against, and 32 abstentions. The package will now be formally adopted by the Council of the EU as well and… https://t.co/BtubbC2u5A
— Patrick Hansen (@paddi_hansen) April 24, 2024
At the same time, worldwide regulatory bodies are increasing pressure on cryptocurrency users who attempt to conceal their transaction records. The European Parliament, for instance, took decisive action on April 24, 2024, by voting to outlaw crypto mixers as a component of fresh anti-money laundering legislation.