Five months after the merger of Rari Capital and Fei Protocol, the combined crypto project said on Saturday that it had suffered a $77 million hack.
More on the Exploit by Crypto Hackers
A tweet from Fei Protocol’s unverified account said that it was aware of the exploit, which targeted multiple pools belonging to Rari Capital, its merger partner. The tweet was confirmed by the founder of Fei, Joey Santoro, and by a post on the Discord server of the decentralized finance project.
The tweet said that the root cause of the hack had been identified and that further borrowing had been paused to mitigate any more damage. Fei has offered the hacker a $10 million ransom, no questions asked, if they return the users’ remaining funds.
In the meantime, the hacker has started transferring the crypto to a service called Tornado Cash, which allows users to mask their transactions.
So far, about 5400 Ether tokens, worth $15 million at current prices, have been transferred, according to Lei Wu, the Chief Technology Officer of BlockSec, a blockchain security firm, and a review of activity on Etherscan.
This exploit is the latest attack on a DeFi network, a type of platform that allows users to lend and borrow digital assets while bypassing traditional intermediaries, with the added advantage of anonymity. In February, hackers stole $320 million worth of cryptocurrency after attacking Wormhole, a communication bridge between DeFi networks and the Solana blockchain.
Fei Protocol focuses on developing an algorithmic stablecoin whose value is pegged to the U.S. dollar. It can be easily used by DAOs, or decentralized autonomous organizations. Rari Capital allows users to borrow, lend and farm high-yield tokens via Fuse, an exciting protocol that does not require any permission.
According to the post by Santoro on Fei’s Discord server, the hacker stole funds from many Fuse pools by exploiting a so-called reentrancy vulnerability. He promised to publish a detailed post-mortem of the attack after a complete analysis.
A reentrancy attack happens when a protocol’s smart contract calls an external smart contract. In response, the external contract calls back into the original contract, looking to exploit a vulnerability in the code that made the initial call. A well-known similar incident, the 2016 DAO hack, was analyzed by crypto developer Moralis. The fallout of that attack led to the Ethereum blockchain splitting into two.
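The call-back pattern described above can be reproduced in a small model. The following is an added example, not code from Rari Capital, Fei Protocol or the article's sources; it is a simplified Python simulation with hypothetical names (`Pool`, `ReentrantReceiver`, `run`) that shows why a contract should record its state change before making the external call.

```python
# Simplified model of a pool that pays out through an external call.
# Hypothetical names; not Rari Capital or Fei Protocol code.

class Pool:
    def __init__(self, update_state_first):
        self.update_state_first = update_state_first
        self.balances = {}   # recorded balance per account
        self.reserves = 0    # funds the pool actually holds

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.reserves += amount

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or amount > self.reserves:
            return
        if self.update_state_first:
            self.balances[account] = 0     # effect recorded before the call
        self.reserves -= amount
        account.receive(self, amount)      # external call: receiver code runs here
        if not self.update_state_first:
            self.balances[account] = 0     # flaw: recorded only after the call


class ReentrantReceiver:
    """Constructed test account whose callback re-enters withdraw()."""
    def __init__(self):
        self.received = 0

    def receive(self, pool, amount):
        self.received += amount
        pool.withdraw(self)                # runs before the first withdraw() returns


def run(update_state_first):
    pool = Pool(update_state_first)
    pool.deposit("other-users", 90)        # constructed sample deposits
    receiver = ReentrantReceiver()
    pool.deposit(receiver, 10)
    pool.withdraw(receiver)
    return receiver.received, pool.reserves


if __name__ == "__main__":
    print("state updated after call :", run(False))   # (100, 0)
    print("state updated before call:", run(True))    # (10, 90)
```

With the balance cleared only after the external call, a deposit of 10 drains all 100 units of reserves; clearing it first limits the receiver to its own 10.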
Santoro said that the remaining funds on Rari that were not exploited should be protected from further attacks. Fei Protocol will continue to be pegged to the U.S. dollar and will remain as it is, being separate from Rari Capital.