DeFi platforms RariCapital and Fei protocol fall prey to $80M hack

The digital currency market has recently witnessed another round of hacks in the decentralized finance (DeFi) space. RariCapital and Fei protocol, which recently formed a partnership, are the latest victims of malicious actors.

The hack was first pointed out by blockchain security company, BlockSec. In a tweet, BlockSec stated that their monitoring system had detected an attack on multiple pools in RariCapital’s Fuse lending platform. The hackers stole over $80 million by exploiting a reentrancy vulnerability in the protocols codebase BlockSec revealed, highlighting the precise line of code that was exploited to drain the pools.

one picture worth a thousand words 🙂 pic.twitter.com/dVxTMMpWZM

— BlockSec (@BlockSecTeam) April 30, 2022

Subsequently, the exploit was confirmed by RariCapital’s Jack Longarzo. Longarzo revealed that a total of six pools were attacked and were currently in bad debt. The platform has also paused ETH withdrawals for the meantime as the team is working on a fix for the vulnerability.

“Fortunately the Tribe DAO is well positioned to support a backstop. Ultimately the community will make this decision on how to move forward and provide assurances to those who may have lost funds. While this is painful today we will survive, grow, and move forward stronger,” he said.

Fortunately the Tribe DAO is well positioned to support a backstop. Ultimately the community will make this decision on how to move forward and provide assurances to those who may have lost funds.

While this is painful today we will survive, grow, and move forward stronger.

— Jack Longarzo (@JackLongarzo) April 30, 2022

Fei Protocol, which is RariCapital’s algorithmic stablecoin partner, offered the hacker a $10 million bounty to return the drained funds. Meanwhile, RariCapital also suffered from a similar hack in May last year, where it lost around $10.

We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage.

To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds.

— Fei Protocol (@feiprotocol) April 30, 2022

PeckShield has warned other splits of Compound protocol like RariCapital to beware of the vulnerability that the protocol just got exploited with. 

Decentralized protocol hacks increasing

As the digital currency and blockchain ecosystem have risen in value, it seems to also be increasingly attracting the attention of hackers. This year, the space has already witnessed two record-breaking digital currency thefts from blockchain platforms.

The first was the Solana-Ethereum cross-chain bridge of Wormhole which lost over $320 million in February, at the time taking the record for the biggest exploit. However, it was soon surpassed by the Axie Infinity Ronin network exploit of over $640 million in March.

One reason for the rise in attacks is the poor security audit culture in the industry. The CEO of cybersecurity firm Hacken stated in a recent interview that there might be a reduction in exploits if retail investors demanded more accountability and transparency from audit firms and projects.

Watch: CoinGeek New York panel, Investigating Criminal Activity on the Blockchain