DeFi altcoin projects Rari Capital and Fei Protocol were victims of the latest hack that resulted in more than $80 million in losses. Hackers found a flaw in the protocol and pulled millions of dollars from DeFi pools into their wallets.
Hacker withdrew $80M from DeFi altcoin projects
According to Chinese crypto writer Colin Wu, who reviewed the transaction records of the hack, hackers re-login to DeFi platforms Rari Capital and Fei Protocol. He succeeded in capturing $80 million worth of cryptocurrencies. According to data provided by BlockSec, as Wu noted in a tweet, multiple repositories associated with these platforms have been hacked. The autopsy report of the hack by Colin Wu includes:
BlockSec found that multiple pools related to Rari Capital and Fei Protocol were hacked, with over $80 million in losses. The root cause is due to a typical re-entry vulnerability.
The argument put forward by Wu is an easily usable “re-login security is the “deficit”. A reentry attack occurs when the execution of a smart contract is paused in the middle of its execution and then restarted (re-entered) once again from the beginning of execution. A well-known example of such an attack was the DAO attack that occurred in June 2016, which resulted in the theft of more than $60 million in Ethereum.
10 million reward offered to hacker who stole $80 million
Fei Protocol has issued a warning on Twitter stating that they are aware of the issue affecting multiple Rari Fuse pools. All debit transactions on their accounts have been stopped to prevent money laundering in the future. To reward the hacker, the author of the tweet promised to withhold $10 million from the stolen cryptocurrency as a reward and return the remaining funds belonging to his subscribers to them.
As we have mentioned in the news of Cryptokoin.com, in the early morning hours of April 28 hackers attacked the DEUS Finance (DEUS) pools and caused $13.4 million in victimization. It seems that DeFi altcoin projects continued their work for a while to get rid of security vulnerabilities.