Hacked Crypto Platform Offers ‘No Questions Asked’ $10M Bounty for Stolen Funds

The exploit is one of a growing number of hacking incidents on DeFi projects in recent months

article-image

Blockworks exclusive art by axel Rangel

share

key takeaways

  • Smart contract hackers targeted merged DeFi projects Rari Capital and Fei Protocol to steal almost $80 million over the weekend
  • Rather than seek VC funding to plug the losses, the Tribe DAO, which manages their governance, may vote to make users whole

Crypto platform Fei Protocol hopes a $10 million bounty “with no questions asked” will spur hackers to return nearly $80 million of digital assets stolen over the weekend.

Fei, the stablecoin issuer which merged with crypto lending startup Rari Capital just five months ago, made the plea on Twitter hours after the exploit — in which hackers infiltrated the platform’s lending pools — was detected Saturday.

“We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage,” Fei Protocol tweeted. “To the exploiter, please accept a [$10 million] bounty and no questions asked if you return the remaining user funds.” 

Rari’s hacker leveraged a critical “reentrancy” bug buried deep within the protocol’s code. These bugs involve smart contracts calling each other to move funds without appropriate checks. 

For its codebase, Fei forked (read: copied) Ethereum money market platform Compound in early 2021. Compound enables crypto lending by valuing digital assets. It automatically determines borrowing limits and gauges market conditions to calculate interest rates.

Fei made certain changes to the code, however, and despite audits the flaw wasn’t discovered until it was too late.

Compound forks have suffered similar fates in the past. Rari even paid $2 million to security researchers who had discovered a nearly identical flaw in March.

Decentralized exchange Uniswap, DeFi platform Cream Finance, and The Dao, among other projects, have fallen victim to reentrancy attacks dating back to 2016. 

Rari also lost $11 million to smart contract hackers in an unrelated attack last May, then about 60% of the protocol’s capital.

In this case, Rari Fuse lending pools (which facilitate the lending of related ERC-20 tokens) effectively failed to keep track of how much cryptocurrency had been borrowed.

The setup illegitimately allowed for the borrowing of large amounts of cryptocurrency, withdrawal of the loan’s collateral and retention of borrowed funds, according to smart contract auditor CertiK.

The hackers flash-loaned $150 million worth of stablecoin USDC and 50,000 WETH ($141.5 million) to power more crypto loans from seven Rari Fuse pools.

After triggering a buggy “exitMarket” smart contract function, they withdrew the collateral, repaid the flash loan and kept the “borrowed” funds from Rari Fuse. The hackers repeated this process until they’d amassed roughly $80 million of crypto.

Rari Capital later disclosed another 100 ETH had been hacked Sunday from a Fuse pool on layer-2 Ethereum platform Arbitrum.

BlockSec Chief Technology Officer Lei Wu confirmed to Blockworks that 5,400 ETH of the pilfered stash had been sent to crypto mixer Tornado Cash.

The stolen funds essentially belong to Rari Fuse users who had loaned their crypto. With this in mind, Fei Protocol is not exactly the victim — despite the exploit targeting its source code. 

Rari developer Jack Longarzo told Blockworks that Rari’s Fuse platform and the Tribe DAO that manages Fei and Rari’s governance are the real victims. In fact, Tribe DAO may deliberate whether to release funds from its treasuries to make Rari Fuse users whole. Its treasury is currently worth $104 million, according to OpenOrgs.

While there’s no formal bailout proposal as yet (and Longarzo wouldn’t comment on whether one was in the works), such a move would starkly contrast the VC-funded bailouts of other embattled DeFi platforms such as Wormhole and Ronin, which have generally involved more centralized and private decision-making than a community vote.

But there is some indication that Tribe DAO participants may be losing faith. The DAO’s native token, TRIBE, is down 20% since the attack was first disclosed.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Tags

Upcoming Events

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

aptos cover3.jpg

Research

A fragmented liquidity landscape across L2s has led to newfound appreciation for predominantly monolithic L1 architectures over the past year, especially when considering qualifying capabilities like high throughput and low latency. Despite Aptos being a relatively young blockchain when compared to other L1s, a combination of design choices, network adoption, partnerships, and dApp development proves that the network is primed for breakout momentum over the coming years.

article-image

At least for the near future, the majority of institutional tokenization will take place on closed, permissioned networks

article-image

Robinhood’s chief legal officer said the notice came after “years of good faith attempts” to work with the SEC

article-image

A former mayor becomes latest Coinbase policy adviser, and the special counsel of a crypto venture firm leaves

article-image

Coinbase’s Base welcomes the second iteration of its Onchain Summer, and NodeMonkes is now the most popular Bitcoin NFT

article-image

Ex Revolut executive received $6.5 million from investors to create hybrid exchange x10

article-image

If we get it right, the future of gaming will be a more open, collaborative and rewarding space for all