Threat actors exploited a bug in the Fuse protocol used by DeFi platforms Rari Capital and Fei Protocol and stole more than $80 million.
Threat actors stole more than $80 million from the decentralized finance (DeFi) platforms Rari Capital and Fei Protocol on Saturday. Researchers from smart contract analysis firm Block Sec reported that attackers exploited a reentrancy bug in Rari’s Fuse lending protocol.
Our monitoring system detected that multiple pools related to @RariCapital @feiprotocol were attacked, and lost more than 80M US dollars. The root cause is due to a typical reentrancy vulnerability. @defiprimehttps://t.co/Cbtilpbuw9— BlockSec (@BlockSecTeam) April 30, 2022Rari Capital paused borrowing globally in response to the hack and ensured that all other funds are secure.
Rari is aware of an exploit on various Fuse pools. Borrowing has been paused globally and no further funds are at risk.The Rari team, and the rest of the Tribe, are working mitigate the loss and recover exploited funds, and will provide updates as soon as they are available.— Jack Longarzo (@JackLongarzo) April 30, 2022According to CoinDesk, Fei Protocol, which merged last December with Rari, offered to crooks behind the hack a $10 million “bounty” if they will return the stolen funds. The Fei Protocol development team runs a decentralized stablecoin called Fei USD
We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage.To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds.— Fei Protocol (@feiprotocol) April 30, 2022Researchers from Blockchain security firm PeckShield confirmed that the same reentrancy vulnerability exploited in the cyber heist was also used to target forks of the Compund DeFi protocol.
The old reentrancy bug bites again on Compound forks w/ $80M loss! This time, it re-enters via exitMarket()!!! https://t.co/NpC8AAZRXc Watch out, all Compound forks in EVM-compliant chains. Get in touch with your auditors now or feel free to contact us if we can be of any help pic.twitter.com/M9JElTWMSd— PeckShield Inc. (@peckshield) April 30, 2022The attacks against the DeFi protocol are increasing, PeckShield researchers reported that as of May 1, 2022, the exploits have netted $1.57 billion from DeFi.
#PeckShieldAlert As of May 1, 2022, the exploits have netted $1.57 billion from DeFi, which already surpasses the $1.55 billion stolen by exploiters throughout 2021. pic.twitter.com/QIjAmPBLXs— PeckShieldAlert (@PeckShieldAlert) May 1, 2022
Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERSVote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform
Follow me on Twitter: @securityaffairs and Facebook
try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini
(SecurityAffairs – hacking, Rari)
The post Hackers stole +80M from DeFi platforms Rari Capital and Fei Protocol appeared first on Security Affairs.