The decentralized finance (DeFi) protocol Rari Capital suffered a hacker attack on Saturday, said project leader David Lucid in a post on Medium. The loss was 2,600 Ethereum.
At the current price, the value represents US$10.6 million, according to the Ethereum Price Index (IPE).
Rari Capital posted a tweet to announce the attack, promising to investigate the incident. “There was an invasion of the Rari Capital ETF Fund, related to our integration with @AlphaFinanceLab. The rebalancing withdrew all Alpha funds in response. We are currently investigating the situation, and a full report will be shared as soon as everything is assessed.”
The hacker left a base64-encoded message that said: “rari = REKT. alpha = ok # saved rari 6m.”
According to Lucid, the attack was directed at an Ethereum liquidity pool that had recently been integrated with Alpha Finance Lab’s ibETH token, which is an RFi partner DeFi protocol. It was somewhat similar to the case with the Spartan Protocol.
In short, the exploit allowed the attacker to manipulate values and artificially push them up. By repeating the maneuver several times, the attacker was able to withdraw more than US$10 million, equivalent to 60% of the funds of all users who participated in the pool.
“To avoid problems like this in the future, we will rely on the protocols we affiliate with to review our integrations as a form of security. This is by far the most important measure”, wrote the project representative.
According to the company, the exploited code had been audited by Quantstamp (a company that conducts audits on smart contracts), which was also unable to identify the flaw.
Attack procedures
According to Rekt News, the attacker’s actions on BSC were as follows:
1: Create a fake token and pool it with BNB on PancakeSwap in order to use Alpaca Finance.
2: Interact with Alpaca Finance, where calling approve() for the fake token invokes a payload, which allows the attacker to use VSafe through Codex farm to get vSafeWBNB.
3: Convert vSafeWBNB to WBNB.
4: Transfer WBNB to Ethereum through Anyswap.
Repeat 2x.
Then, the attack on Rari went as follows:
1: Create a fake token and pool with it on SushiSwap.
2: Interact with Alpha Homora, where a payload is also called so that the attacker can get ibETH in the Rari ETH pool contract.
3: Convert ibETH to ETH in the Rari ETH pool.
As a result, 2.9k ETH ($11.1M) was stolen, and another 1.7k ETH was at risk before the actions of the Rari team.
The total profit from the two attacks was $15M in ETH.
credit: frankresearcher
The Rari Capital governance token $RGT fell sharply in price following the attack.
The attacker decided to voice their opinion on the involved protocols, but it seems they had second thoughts, as they tried to cancel the transaction. However, they set the gas too low and the cancellation didn’t go through for 20 minutes, giving everyone time to see their message.
Unprecedented attack
According to research analyst Igor Igamberdiev of The Block, this was the first cross-chain exploit in DeFi. He said on Twitter that the hackers who attacked Rari Capital are the same ones who attacked the Value DeFi project.
Last Thursday (6), Value DeFi was breached and lost US$10 million. Three days later, on Saturday, came another attack that took another $11 million from the project, which operates on the Binance Smart Chain.
In another exploit in November last year, the same protocol had already lost US$7 million. Altogether, Value DeFi has suffered three attacks in six months.
Money back
In the case of Rari Capital, the developers agreed to reimburse investors with 2 million Rari Governance Token (RGT), the project’s native token, which were initially going to be used to improve the team.
After the exploit became public, RGT fell 45% in one hour, according to CoinGecko.
On Monday (10), the price of the cryptocurrency recovered and is worth about $12.80, which ensures that all affected users get their money back.