Hundred Finance Suffers ~$7m Hack On Optimism

A price manipulation attack allowed a hacker to drain the lending pools.

Hundred Finance Suffers ~$7m Hack On Optimism

Quick Take

  • Ethereum’s KZG ceremony reopens for public contributions.
  • A Lido node operator suffers a slashing event.
  • Eignenlayer shares considerations for validators.
  • Hundred Finance suffers a $7 million hack.

Listen on: Apple | Castbox | Spotify | YouTube | Lens

This episode is made possible thanks to Ether Capital!

Looking for more transparency when it comes to your staking operations? Try out Ether Capital’s new staking dashboard. It’s a free analytics tool that tracks your rewards and monitors validator performance from one platform. Register today to access the beta version:

Optimism Highlights 🔴✨

Hundred Finance Suffers ~$7m Hack On Optimism
Multi-chain lending protocol Hundred Finance suffered a $7 million hack on its Optimism market. According to security firm PeckShield, the hacker donated 200 WBTC to the exchange’s hToken contract, causing the exchange rate of hWBTC to inflate. The price manipulation allowed the hacker to drain the lending pools. On April 15th, Hundred Finance sent an onchain message to the attacker in hopes of negotiating a bounty in exchange for the return of funds within 48 hours. However, negotiations appear to have failed as Hundred Finance launched a $500k reward for information leading to the hacker’s arrest and return of funds.

KZG Ceremony Reopens For Public Contributions

Ethereum’s KZG Ceremony is now re-open for public contributions. More than 80k submissions were made during the first public contribution period from January 13th through March 13th. The period was then followed by special contributions where selected community members generated entropy through unique activities. To prevent long wait times in the ceremony lobby, public contributors must connect a wallet address that has sent at least 128 transactions before Jan. 13, 2023. KZG ceremony coordinator Carl Beek says the requirement will be reduced once the lobby clears up. Contributors will be able to claim a POAP after the Ceremony has concluded.

The KZG Ceremony, or trusted setup, is an exercise that collects entropy from contributors and uses it to generate a final output known as a structured reference string (SRS). The SRS is used as part of the commitment scheme that is required for proto-danksharding EIP-4844, which is set to be implemented in the Cancun upgrade.

Lido Node Operator Slashing Event

RockLogic GmbH, a node operator on Lido Finance suffered a slashing event resulting in a total loss of roughly 20 ether. The slashing event took place on April 13th and affected 11 validators. In a post-mortem, it was determined that the slashing was due to the duplication of validator keys in two active clusters by RockLogic. On April 11th, RockLogic migrated a cluster of 500 validator keys by removing them from an initial cluster and re-importing the keys into an existing cluster. While the initial keys appeared to be deleted, a bug in Prysm caused an unexpected re-import of the deleted validator keys. The slashing impact is estimated to be ~2.4% of daily rewards.

Eignenlayer Considerations For Validators

EigenLayer published a guide for Ethereum stakers that plan to restake on EigenLayer, which is set to launch on mainnet in the coming months. Ethereum validators who have changed their withdrawal credentials from 0x00 to 0x01 and set a withdrawal address automatically receive staking rewards in excess of their 32 ether stake. Validators can only migrate once to a 0x01 credential. For this reason, EigenLayer suggests for ETH stakers with 0x00 credentials who want to restake in EigenLayer to wait for the launch of the protocol before updating their credentials. Once EigenLayer is live on mainnet, staking validators can set their credentials to EigenLayer.

Validators with 0x01 credentials are required to wait through the exit queue and deploy a new validator with 0x00 credentials. EigenLayer restakers will be able to initiate a withdrawal at any time but are subject to a 7-day withdrawal delay in addition to the exit queue on Ethereum.

Solo Staker User Incentive Programs

NounsDAO and ChainSafe have ongoing user incentives for solo stakers. NounsDAO is raffling away 10 ether per month for a three-month period to solo stakers who add the nouns “⌐◨-◨” goggle logo into their validator’s graffiti flag. Every month, 10 winning validators chosen at random each receive 1 ether. ChainSafe is running a similar program through August 2023. Solo stakers who include the word "Lodestar" in their validator graffiti flag will be eligible to win a share of $25,000 in prizes.