According to a report issued by the team on Friday, DeFi digital asset lending firm LendHub has lost $6 million in digital assets on its network.
Was the root of the hack an internal issue?
According to LendHub, the attack occurred on Jan.12. The DeFi lender also stated that it contacted a blockchain security firm and a crypto exchange to recover the stolen crypto.
As per LendHub, an internal problem with the platform led to a regrettable attack on LendHub. The existence of two lBSV tokens, one of which had been phased out but was regrettably not eliminated from the market.
As a result, there was a disparity between the old and new lBSV, resulting in different Comptroller contracts but the same market pricing, which affected how liabilities were calculated in the old and new markets.
The hackers were able to borrow in the new market while taking advantage of this flaw to modify the minting and redemption process in the old market, and eventually snatching a sizable amount of protocol money from the new market
The attacker quickly started connecting the assets that were taken from the Heco network, which is the network where LendHub runs, to other chains like Ethereum and Optimism.
Several methods, including Transit Swap and Multichain, were used to complete these cross-chain transactions. As of the time of publication, the hacker’s wallet still contained DAI and USDT stablecoins worth around $2.6 million.
The hacker’s primary address is 0x9d01..ab03, and 100 #ETH were initially contributed by TornadoCash.
As of this present, the hacker has made 11 transactions totaling 1,100 ETH to TornadoCash which is equivalent to about $1.5 million in assets.
LendHub describes itself as “The most secure decentralized lending platform” for cross-chain lending. Despite being based on Huobi’s Heco blockchain, hackers stole millions of dollars worth of assets from it.
LendHub, on the other hand, promised to look into the incident in great detail. The first step was approaching crypto exchanges for assistance locating the asset. Then, other security firms were contacted to speed up the inquiry.