Key Takeaways:
- Rari Capital and Fei Protocol suffered an exploit that resulted in the loss of nearly $80 million.
- Losses due to hacks grew 695% in Q1 year-on-year.
NEW DELHI (CoinChapter.com) — On Apr 30, Decentralized Finance (DeFi) platforms Rari Capital, and Fei Protocol were victims of an exploit that saw the projects lose roughly $80 million.
Smart contract analysis firm BlockSec, malicious elements targeted a reentrancy vulnerability in multiple pools related to the two projects.
To recap, Fei Protocol merged with Rari Capital in Dec last year. Both projects are a fork of the Compound, a platform that seeks to incentivize a decentralized network of computers to operate a money market.
Blockchain security firm Peckshield noted that hackers had exploited the same reentrancy vulnerability to attack other forks of the Compound DeFi protocol.
Meanwhile, Fei Protocol’s unverified Twitter account acknowledged the attack on its partner Rari’s Fuse pools.
In detail, a reentrancy attack involves a function making an external call to another untrusted contract. Then, the untrusted contract makes a recursive call back to the original function in an attempt to drain funds.
A famous example of the reentrancy attack is the 2016 hack of The DAO, which led to a hardfork that split the Ethereum chain in two.
Also Read: The Graph (GRT) token might jump 380% if the bullish pattern holds
Rari also acknowledged the hack, assuring users that the protocol has paused borrowing. The protocol also promised that there was no further risk to the funds. Meanwhile, Fei Protocol also offered a reward of $10 million to the hacker as a bounty, “no questions asked.”
However, the hacker has already started moving the stolen crypto funds to Tornado Cash to mask transactions. Santoro stated in a Discord post that Fei would publish a detailed post-mortem of the hack “after further analysis.”
Q1-2022 Sees Spike In Losses Due To Hacks
The Rari-Fei exploit is the latest attack on the growing Decentralized Finance sector. In late Mar, Axie Infinity’s Ronin Network suffered an exploit of about $625 million, the biggest hack in DeFi history.
In Feb earlier this year, malicious elements exploited Wormhole, a blockchain bridge on the Solana network, for about $120 million. Moreover, on Apr 30, Stablecoin DEX Saddle Finance suffered an exploit that drained the platform of $13.8 million in Ether.
However, white hat hackers from BlockSec recovered $3.8 million.
As of Mar 2022, the Web3 ecosystem has lost nearly $1.23 billion, according to a report from Immunefi. The number accounts for any hacks and fraudulent events. Q1 losses in 2022 are up 695% from Q1-2021’s losses of $154.6 million, the report stated.
Also Read: KAVA eyes 137% gains as it breaks out of bullish pattern.
DeFi is a nascent market sector that suffers from a lack of experienced developers. As a result, the sector’s growing adoption also comes with risks of hacks and exploits. Moreover, an attack results in financial losses and a loss of investor confidence in the project.
But, developers and projects learn from mistakes, and each attack helps strengthen the security of other involved projects.
