Lending Protocol Hundred Finance Exploited for Over $7M USD
Its initial response: “we sent a message to the hacker and are in talks with different security teams.”
On Saturday, April 15, lending protocol Hundred Finance announced that it had been exploited on Optimism, an Ethereum Layer-2 chain. Not long after that announcement, Hundred shared that the amount of funds lost had reached over $7 million USD, which is about all it has shared.
Since the attack, the protocol has sent out several tweets, but none has provided any substantial insight or information on the hack. Judging by the few comments left on these tweets, its user base is very upset, and reasonably so.
“We advise not to speculate on how the attack was executed, team is preparing a post mortem,” it tweeted Saturday, with another tweet Sunday, adding “main focus is establish coms with hacker, reach an agreement.”
In another tweet, Hundred shared that it “hopes the hacker will reach out,” with one user commenting “time to fire the entire team. Useless.”
Time to fire the entire team. Useless.
— D’alpha (@Dalpha_xyz) April 15, 2023
The lack of a support team and customer relations procedure is unfortunately something that comes along with DeFi all too often, with Hundred setting an example through the way it’s helping those in the States who have been affected by the attack.
“If anyone affected by the hack is from USA, specifically from NY, please reach out, dm this account or one of the team members on Discord. Thank you!” tweeted the protocol.
So far, the only blockchain-backed explanations for what’s happened have come from third-party security groups like NumenAlert and CertiK.
In a report shared Saturday, Numen broke down the losses, stating that Hundred had been exploited for approximately 1,000 Ether, 1.2 million USDC, 1.1 million Tether, and roughly 843,000 DAI, as well as a variety of other tokens.
Latest Update:
The total amount exploited in the @HundredFinance project on #Optimism has been estimated to be around US$7mil
Root cause & detailed attack analysis? https://t.co/0tJVYcwRc9
— NumenAlert Ⓝ (@NumenAlert) April 16, 2023
Others, like CertiK, shared that the hacker carried out the attack by manipulating the exchange rate between ERC-20 tokens and hTokens, allowing them to withdraw more than they had originally deposited.
In the latest tweet from Hundred, the protocol stated that the hack was a “general flaw in the code and not specific to Hundred deployment.”