Decentralized lending protocol Rari Capital came under attack over the weekend. The exploration of the fault resulted in the theft of another US$ 80 million, around R$ 400 million in reais.
The exploitation was confirmed by Jack Longarzo, developer of Rari Capita. Fei Protocol, which merged with Rari last year. also confirmed the invasion. It then offered the anonymous attacker a $10 million reward for returning the funds.
“The Rari team and the rest of the tribe are working to mitigate the loss and recover the exploited funds. New updates will be provided as soon as they become available,” said Longarzo.
This is the third major attack on a decentralized finance (DeFi) protocol in less than two months. As a result, more than R$4 billion was stolen in these three attacks alone.
According to blockchain security firm PeckShield, it outlined the “old reentry bug”. With this flaw, the security of the protocol was compromised, which in turn caused Rari Capital to fail.
Subsequently, the hacker took advantage of this flaw and carried out the attack. The company said the total amount stolen exceeded $80 million.
Another security company, Block Sec further updated that the hacker targeted multiple Rari Capital and Fei Protocol pools. The company also confirmed the nature of the attack and the amount stolen.
Later, Longarzo also confirmed the action and revealed the measures that would be taken. First, six Rari protocol loan pools were blocked. In this way, tokens such as USDC, DAI, the FEI token and others had their withdrawals blocked.
Markets with bad debt are as follows:
Pool 8: Fei, Dai
Pool 18: Dai, USDC, Frax, Fei, Rai
Pool 27: Frax, Fei
Pool 127: USDC, Dai, Frax
Pool 144: Fei, Frax, Dai
Pool 156: Fei, Frax, Dai, USDC
— Jack Longarzo (@JackLongarzo) April 30, 2022
The developer also promised that the team is working to mitigate losses and recover exploited funds. The $10 million reward was offered to the hacker in this context, but the attacker has not yet come forward.
Among the funds stolen in the attack were those from the Fei Protocol, which develops Fei USD, a decentralized dollar-backed stablecoin. The stablecoin, however, has not seen any negative impact on its price, according to data from CoinMarketCap.
Longarzo further reported that the project has begun reviewing a potential fix for the vulnerability and has collaborated with security engineers at Compound.
New wave of attacks
The month of April registered smaller attacks than in March, but no less impactful. Two attacks were on NFT protocols, while one of them was on the DeFi Deus Finance protocol.
In the case of Deus, the hacker used an instant loan (“flash loan”) to steal tokens from the protocol. The total loss was approximately US$ 13.4 million, or R$ 66.8 million in reais.
Then came the attack on the Bored Ape Yatch Club (BAYC), who had their Instagram account hacked. The hackers included a link to a phishing website in place of the official website link for the sale of Otherdeeds and managed to steal over 90 NFTs.
Also Read: Ether Scarce? Token burning hits highs and inflation drops 50%
Also Read: Crypto.com Cuts Card Rewards, CRO Token Plunges
Also read: Metaverse Bored Ape: Users pay BRL 5,000 in fees to buy land