Hackers stole +80M from DeFi platforms Rari Capital and Fei Protocol

Threat actors exploited a bug in the Fuse protocol used by DeFi platforms Rari Capital and Fei Protocol and stole more than $80 million.

Threat actors stole more than $80 million from the decentralized finance (DeFi) platforms Rari Capital and Fei Protocol on Saturday. Researchers from smart contract analysis firm Block Sec reported that attackers exploited a reentrancy bug in Rari’s Fuse lending protocol.

Rari Capital paused borrowing globally in response to the hack and ensured that all other funds are secure.

According to CoinDesk, Fei Protocol, which merged last December with Rari, offered to crooks behind the hack a $10 million “bounty” if they will return the stolen funds. The Fei Protocol development team runs a decentralized stablecoin called Fei USD

Researchers from Blockchain security firm PeckShield confirmed that the same reentrancy vulnerability exploited in the cyber heist was also used to target forks of the Compund DeFi protocol.

The attacks against the DeFi protocol are increasing, PeckShield researchers reported that as of May 1, 2022, the exploits have netted $1.57 billion from DeFi.

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Rari)

[adrotate banner=”5″]

[adrotate banner=”13″]