BlockSec: Hope.money under attack due to precision loss issue
BlockSec stated on social media that Hope.money on Ethereum has been attacked due to precision loss issues. There have been several such attacks recently, and developers are advised to investigate and conduct self-examination in a timely manner.
BlockSec stated that the attacker first opened a position on HopeLend, borrowed 2,000 WBTC through flash loans, and added flash loan fees to the liquidity index of the reserve fund through the pool contract's flash loan function. The attacker manipulated the liquidity index of the hEthWBTC contract (from 1e27 to 7,560,000,001e27), resulting in a final precision loss. Then, the attacker borrowed a large amount of assets from other markets. Finally, due to the precision loss, the attacker was able to redeem all WBTC collateral.
Hope.money: Each agreement exists independently, and the HopeLend incident will not affect other products
The decentralized stablecoin project Hope.money announced that its HopeLend protocol was hacked yesterday, but the hacker did not profit from the attack. The attack resulted in a loss of approximately 528 ETH, of which 263.91 ETH was bribed to a Validator (managed by Lido) by the frontrunner exploit. The Exploit Frontrunner ultimately earned 264.08 ETH. Currently, Hope.money is actively contacting and recovering related assets. It should be emphasized that all protocols currently deployed by Hope.money are separate and will not affect other products and protocols (including HopeCard, HopeSwap, and $HOPE tokens) that have already been launched. The platform will also do its utmost to ensure that the rights and interests of affected users are protected, and corresponding funds are still in a safe state.