Chinese crypto journalist and blogger Colin Wu has reported that a hacker attacked the DeFi platforms Rari Capital and Fei Protocol, draining them of a massive $80 million in crypto.
Multiple pools related to these platforms have been attacked, tweeted Wu, citing data provided by BlockSec.
Breaking: BlockSec found that multiple pools related to @RariCapital @feiprotocol were attacked, and lost more than 80M US dollars. The root cause is due to a typical reentrancy vulnerability.
— Wu Blockchain (@WuBlockchain) April 30, 2022
https://t.co/XZ9ihkCeW0 https://t.co/bEjGEijaps
The cause cited by Wu is a reentrancy vulnerability, a kind of flaw that can often be exploited. A reentrancy attack takes place when the execution of a smart contract is interrupted partway through and the contract is then started again from the beginning (re-entered) before the interrupted call has finished.
A famous example of such an attack was the DAO hack in June 2016, when over $60 million in Ethereum was stolen.
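A minimal Python model of the reentrancy pattern described above, added here as an illustration. It is not code from Rari Capital, Fei Protocol or BlockSec, and the `Vault` class, the account names and the amounts are all constructed. It puts the vulnerable ordering (external call before the balance update) beside the corrected ordering (balance update first).

```python
# Toy model of reentrancy: a vault that pays out through a callback the
# recipient controls. All names are hypothetical; amounts are constructed.

class Vault:
    def __init__(self, safe):
        self.safe = safe          # True: update state before the external call
        self.balances = {}        # per-account credit
        self.funds = 0            # what the vault actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.funds < amount:
            return
        if self.safe:
            # checks-effects-interactions: zero the credit, then call out
            self.balances[who] = 0
            self.funds -= amount
            on_receive(amount)
        else:
            # vulnerable order: the external call runs while the credit is
            # still recorded, so a nested withdraw passes the check again
            self.funds -= amount
            on_receive(amount)
            self.balances[who] = 0


def simulate(safe, max_depth=10):
    """Return (total paid to the re-entering caller, funds left in vault)."""
    vault = Vault(safe)
    vault.deposit("others", 90)   # constructed: other users' funds
    vault.deposit("caller", 10)   # constructed: the caller's own deposit
    received = []

    def on_receive(amount):
        received.append(amount)
        if len(received) < max_depth:
            vault.withdraw("caller", on_receive)   # re-enter mid-withdrawal

    vault.withdraw("caller", on_receive)
    return sum(received), vault.funds
```

With the vulnerable ordering, a deposit of 10 is paid out ten times and the vault is emptied; with the corrected ordering the nested call finds a zero balance and returns without paying.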
Fei Protocol also posted a tweet, saying that they are aware of the exploit on multiple Rari Fuse pools. They have suspended all borrowing operations on them to prevent further theft of funds. The author of the tweet has offered to let the hacker keep $10 million of the stolen crypto as a bounty in return for handing back the rest of the funds, which belong to their users.
We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage.
— Fei Protocol (@feiprotocol) April 30, 2022
To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds.