Both Agave and Hundred Finance on Gnosis Chain were simultaneously exploited via reentrancy on ERC-677 token callbacks, losing $11M combined.
The attacker exploited reentrancy vulnerabilities in both Agave Finance and Hundred Finance on Gnosis Chain in the same block. Using wrapped native tokens (WETH, WBTC) that implement ERC-677 token callbacks, the attacker triggered reentrant borrows before the lending protocol's state was updated, allowing them to drain borrowed assets far exceeding their collateral.
Stolen funds bridged from Gnosis Chain to Ethereum via the xDAI bridge. ETH proceeds deposited into Tornado Cash. Both Agave and Hundred Finance paused their protocols and published post-mortems. The incident highlighted risks of ERC-677 token callbacks in lending protocols. Neither protocol recovered stolen funds.