Attackers stole approximately 80 million Ethereum from Rari Capital’s Fuse platform in an attack made possible by a smart contract code exploit.
The vulnerability has resulted in the loss of millions
A vulnerability in the Fuse software allowed attackers to access the company’s financial services by exploiting the smart contract permissions of Ethereum-based technology.
Blockchain company BlockSec announced that the Fuse platform lost around $80 million due to a reentrancy vulnerability. On Saturday, Fei Protocol’s official Twitter account confirmed that the company had lost money due to the vulnerability in the Rari Fuse platform.
Breaking: BlockSec has found that several pools linked to @RariCapital @feiprotocol were attacked and lost over US$80 million. The root cause is due to a typical reentrancy vulnerability.
https://t.co/XZ9ihkCeW0 https://t.co/bEjGEijaps
– Wu Blockchain (@WuBlockchain) April 30, 2022
Multiple attacks in a short time
Another attacker has managed to siphon off millions of dollars worth of cryptocurrency from a DeFi project. On Saturday, BlockSec revealed that Rari Capital’s Fuse platform suffered an $80 million loss. BlockSec said:
Our monitoring system has identified several pools related to [Rari Capital] and [Fei Protocol] were attacked and lost over $80 million. […] The cause can be attributed to a typical reentrancy vulnerability.
Rari Capital has been the victim of cyberattacks in the past. On May 8, 2021, it was attacked by hackers who took $11 million worth of Ethereum. At the time, Rari Capital said the following:
These funds were withdrawn from Rari Capital’s Ethereum pool before the attacker was arrested when the contracts were suspended. […] This loss represents 60% of the funds of all users of Rari Capital’s Ethereum pool.
$10 million bounty
Saturday’s attack was also confirmed by the official Fei Protocol Twitter account, which also offered the attacker a bounty in exchange for returning the stolen funds:
We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and suspended all borrowing to mitigate further damage.
To the exploiter, please accept a $10 million bounty and no questions asked if you return remaining user funds.
— Fei Protocol (@feiprotocol) April 30, 2022
In the cryptocurrency space, DeFi projects have faced a number of criticisms and accusations. It was recently revealed that 97% of cryptocurrency thefts in the first quarter of 2022 were due to vulnerabilities in DeFi platforms.