DeFi exploits have become a recurring theme this year, with nearly $1 billion lost already in just a little over the first quarter. Blockchain analytics and security group BlockSec revealed a new DeFi exploit of about $80 million.
Rari Capital Attacked In Fresh Exploit
According to a BlockSec report via their Twitter handles, DeFi platform Rari Capital has been attacked by hackers. The hackers have made away with $80 million in digital assets, as per the tweet.
BlockSec disclosed that the target of the hack was Rari Capital’s Fuse Platform which equips developers with the framework to create custom lending platforms. The group revealed that hackers took advantage of a vulnerability in the reentrancy protocol of the Fuse Platform’s smart contract.
Pools targeted by the exploit included Fei Protocol, the issuer of a dollar-pegged stablecoin called Fei USD. The Fei Protocol team was the first to confirm the exploit. In a message now shared by Rari Capital, the team confirmed that they had identified the cause of the hack, and lending on the platforms had been suspended, offering a $10 million bounty to the hacker for the safe return of the stolen funds.
“We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage. To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds,” said Fei Protocol in a tweet.
A Year Marked By Several DeFi Exploits
DeFi vulnerabilities have come to the fore this year, nearly equalling the $1.3 billion lost in 2021 to DeFi hacks in just five months in 2022. The Rari protocol joins the Ronin Network, Inverse Finance, and Beanstalk, all of which have suffered from exploits this year. In many of these hacks, the Ethereum mixing protocol Tornado Cash has played a key role in helping hackers hide their trails.
The Ronin attack is the largest in terms of digital assets lost, with the network losing about $625 million in the hack. Notably, US law enforcement has since linked the attack with a North Korean State-funded group called Lazarus.
As per recent reports, Ronin creators Sky Mavis are currently working on beefing up security and reimbursing affected community members. Binance has also helped recover a fraction of the loot as the hackers tried to sell them on the leading exchange.