Hackers stole +80M from DeFi platforms Rari Capital and Fei Protocol

2 years ago 129
BOOK THIS SPACE FOR AD
ARTICLE AD

Threat actors exploited a bug in the Fuse protocol used by DeFi platforms Rari Capital and Fei Protocol and stole more than $80 million.

Threat actors stole more than $80 million from the decentralized finance (DeFi) platforms Rari Capital and Fei Protocol on Saturday. Researchers from smart contract analysis firm Block Sec reported that attackers exploited a reentrancy bug in Rari’s Fuse lending protocol.

Rari Capital paused borrowing globally in response to the hack and ensured that all other funds are secure.

Rari is aware of an exploit on various Fuse pools. Borrowing has been paused globally and no further funds are at risk.

The Rari team, and the rest of the Tribe, are working mitigate the loss and recover exploited funds, and will provide updates as soon as they are available.

— Jack Longarzo (@JackLongarzo) April 30, 2022

According to CoinDesk, Fei Protocol, which merged last December with Rari, offered to crooks behind the hack a $10 million “bounty” if they will return the stolen funds. The Fei Protocol development team runs a decentralized stablecoin called Fei USD

We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage.

To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds.

— Fei Protocol (@feiprotocol) April 30, 2022

Researchers from Blockchain security firm PeckShield confirmed that the same reentrancy vulnerability exploited in the cyber heist was also used to target forks of the Compund DeFi protocol.

The old reentrancy bug bites again on Compound forks w/ $80M loss! This time, it re-enters via exitMarket()!!! https://t.co/NpC8AAZRXc

Watch out, all Compound forks in EVM-compliant chains. Get in touch with your auditors now or feel free to contact us if we can be of any help pic.twitter.com/M9JElTWMSd

— PeckShield Inc. (@peckshield) April 30, 2022

The attacks against the DeFi protocol are increasing, PeckShield researchers reported that as of May 1, 2022, the exploits have netted $1.57 billion from DeFi.

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: 
https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Rari)




Read Entire Article