Crypto investor who lost $225,000 overnight warns others it’s still the ‘Wild West’

March 16, 2022, 6:05 PM UTC

After yet another hack, two decentralized finance applications took a big hit yesterday.

The attacker exploited DeFi lending platforms Agave and Hundred Finance, stealing approximately $11 million in total. Investors were left shocked and drained of funds.

Among them is Shegenerates, a crypto investor and developer, who requested to be identified by the pseudonym she uses online.  

She told Fortune she lost over $225,000, adding that the money is “pretty much gone forever.”

“Since I have so much money in Agave, and I have borrowed a lot too, I check the interest rates every day to make sure my position is healthy,” Shegenerates said. “When I logged on [Tuesday] morning, it showed that the interest rate was nearly 100% and all of the deposited funds were borrowed. ‘Uh oh,’ I thought, ‘That’s weird.’”

How it happened 

After checking Agave’s Discord chat, Shegenerates realized everyone was discussing the exploit. On Twitter, Agave confirmed it was investigating what took place, and paused smart contracts, or code that executes transactions on blockchain, in the meantime. 

Agave was exploited by what appears to be a flash loan “re-entrancy” attack, according to both Shegenerates and Agave. This means that a hacker exploited the lending platform by deploying his own smart contract to interact with the network, or protocol. With this contract, the hacker seemed to repeatedly borrow money from Agave—and by default its lenders—without putting up any collateral first. Typically, users of DeFi lending applications can borrow cryptocurrency so long as they offer collateral, or proof that they can pay back the loan.

Hundred Finance, another DeFi lending protocol, was attacked shortly after Agave, the company tweeted on Tuesday. They believe it was the same hacker.

“Crypto is still the Wild West”

Agave is a “fork,” or code copy, of extremely popular DeFi lender Aave. Aave is widely trusted within the space, with $9 billion in crypto assets deposited in Aave, according to DeFi Pulse, an analytics site. 

Because Agave used Aave’s code to run, Shegenerates was especially surprised by the hack since she views Aave and its code to be “generally safe,” she said. 

She doesn’t blame Agave or Aave, though. Instead, she thinks that the potential for this kind of exploitation just comes with the risk of investing in the space. 

“It seems top tier safe, but [it] wasn’t,” she said. 

“I feel especially bad since I told a lot of people about [Agave],” she added.

Even though she lost “a huge bag” of $225,000, Shegenerates is philosophical about the theft, and the risk she took by investing in crypto at all. Looking back, said she believes there’s “very little” anyone could have done to predict or stop the attack. 

“Crypto is still the Wild West, and it’s like putting your money in a bank or local credit union in the days when a bank robber could come and steal from them, shutting the whole thing down,” Shegenerates said. “Don’t put all your eggs in one basket, [and] understand there is always technical risk.”

Never miss a story: Follow your favorite topics and authors to get a personalized email with the journalism that matters most to you.