Pierluigi Paganini
May 01, 2022
Threat actors stole more than $80 million from the decentralized finance (DeFi) platforms Rari Capital and Fei Protocol on Saturday. Researchers from smart contract analysis firm Block Sec reported that attackers exploited a reentrancy bug in Rari’s Fuse lending protocol.
Our monitoring system detected that multiple pools related to @RariCapital @feiprotocol were attacked, and lost more than 80M US dollars. The root cause is due to a typical reentrancy vulnerability. @defiprime
— BlockSec (@BlockSecTeam) April 30, 2022
https://t.co/Cbtilpbuw9
Rari Capital paused borrowing globally in response to the hack and ensured that all other funds are secure.
Rari is aware of an exploit on various Fuse pools. Borrowing has been paused globally and no further funds are at risk.
— Jack Longarzo (@JackLongarzo) April 30, 2022
The Rari team, and the rest of the Tribe, are working mitigate the loss and recover exploited funds, and will provide updates as soon as they are available.
According to CoinDesk, Fei Protocol, which merged last December with Rari, offered to crooks behind the hack a $10 million “bounty” if they will return the stolen funds. The Fei Protocol development team runs a decentralized stablecoin called Fei USD
We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage.
— Fei Protocol (@feiprotocol) April 30, 2022
To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds.
Researchers from Blockchain security firm PeckShield confirmed that the same reentrancy vulnerability exploited in the cyber heist was also used to target forks of the Compund DeFi protocol.
The old reentrancy bug bites again on Compound forks w/ $80M loss! This time, it re-enters via exitMarket()!!! https://t.co/NpC8AAZRXc
— PeckShield Inc. (@peckshield) April 30, 2022
Watch out, all Compound forks in EVM-compliant chains. Get in touch with your auditors now or feel free to contact us if we can be of any help pic.twitter.com/M9JElTWMSd
The attacks against the DeFi protocol are increasing, PeckShield researchers reported that as of May 1, 2022, the exploits have netted $1.57 billion from DeFi.
#PeckShieldAlert As of May 1, 2022, the exploits have netted $1.57 billion from DeFi, which already surpasses the $1.55 billion stolen by exploiters throughout 2021. pic.twitter.com/QIjAmPBLXs
— PeckShieldAlert (@PeckShieldAlert) May 1, 2022
Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Rari)
[adrotate banner=”5″]
[adrotate banner=”13″]
