After an $ 11 million attack, Rari Capital is the latest DeFi protocol to fall victim to a high-priced exploit.
On May 9, Rari published a report on the attack explaining how an attacker managed to empty the Ethereum pool of 2,600 ETH. The report confirmed that the loss was equal to 60% of all user funds in the Rari Capital Ethereum Pool, which was worth approximately $ 10 million at the time.
According to Whitehat hacker Emiliano Bonassi, the exploit appears to be an “evil contract” exploit, in which an attacker tricked a contract into believing that a hostile contract should have access or permissions. Alpha Finance announced in a tweet that the hack was related to Rari’s interest-bearing ibETH vault, but that no alpha funds are at risk.
According to Alpha Finance, the function for calculating the total amount in the pool was manipulated from the smart contract in order to call other functions from Rari’s ETH pool contract. This enabled the attacker to deposit ETH gained from a dYdX flash loan and repeatedly withdraw more than was actually in the pool.
On May 10, Rari founder Jai Bhavnani posted an update that revealed that all those involved in the protocol had voted to return the 2 million RGT tokens originally earmarked for developer incentives to the project’s decentralized autonomous organization (DAO) to compensate the users affected by the hack.
Rari isn’t the only protocol trying to compensate its users. The cross-chain DeFi protocol EasyFi announced that 25% of the funds lost will be distributed immediately to users in the form of stablecoins, while the remaining 75% will be distributed as “IOU” tokens that will be redeemed for EZ v2 tokens can.
P.S. You Can Support me For Free Through ALL of these Links and earn some Crypto/Money Yourself! https://allmylinks.com/zealdorn
Disclaimer: These lines are not a substitute for investment advice, investments in the crypto market are made at your own risk. Invest only as much as you are willing to lose. I get commissions for purchases made through links in this post.