Rari Capital falls victim to $11 million exploit

Published at: May 8, 2021

After an $11 million attack earlier today, Rari Capital is the latest decentralized finance (DeFi) protocol to fall victim to a high-priced exploit.

The platform, which builds optimized yield vaults and boutique lending pools, confirmed the attack in a Tweet and said that a full postmortem is forthcoming:

There has been an exploit in the Rari Capital ETH Pool related to our @AlphaFinanceLab integration. The rebalancer has removed all funds from Alpha in response. We are currently investigating the situation and a full report will be shared once everything is assessed.

— Rari Capital (@RariCapital) May 8, 2021

Per whitehat hacker Emiliano Bonassi, the exploit appears to be an “evil contract” exploit, in which an attacker ‘tricks’ a contract into thinking a hostile contract should have access or permissions. Alpha Finance announced in a Tweet that the hack was related to Rari’s interest-bearing ibETH vault, but that no Alpha funds were at risk:

Funds are SAFE on #AlphaHomora. We are notified that @RariCapital has suffered from an exploit that was due to the incorrect assumption when using HomoraBank contract, as they were setting up an ibETH pool on their platform. #Alpha team is here to help.

— Alpha Finance Lab (@AlphaFinanceLab) May 8, 2021
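The "evil contract" pattern described above, as an added illustration that is not taken from Rari's or Alpha's code: a vault that lets any caller choose which contract it integrates with (and trusts that contract's answers) beside one that only calls integrations approved by governance. The `IYieldSource` interface and both vault contracts are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical external yield source (an assumption, not Alpha's ABI).
interface IYieldSource {
    function balanceOf(address who) external view returns (uint256);
    function withdraw(uint256 amount) external;
}

// Vulnerable: the caller picks which contract the vault trusts.
contract VulnerableVault {
    mapping(address => uint256) public shares;

    function syncAndWithdraw(address source, uint256 amount) external {
        // A caller can pass the address of a contract they control; its
        // balanceOf() may return any number, so the vault credits shares
        // that were never backed by real deposits.
        uint256 reported = IYieldSource(source).balanceOf(address(this));
        shares[msg.sender] += reported;
        IYieldSource(source).withdraw(amount);
    }
}

// Hardened: integrations are allowlisted by governance, and accounting is
// driven by the vault's own records, not by a value the callee reports.
contract HardenedVault {
    address public immutable governance;
    mapping(address => bool) public approvedSource;
    mapping(address => uint256) public shares;

    constructor() { governance = msg.sender; }

    function approveSource(address source) external {
        require(msg.sender == governance, "not governance");
        approvedSource[source] = true;
    }

    function withdrawFrom(address source, uint256 amount) external {
        require(approvedSource[source], "source not approved");
        require(shares[msg.sender] >= amount, "insufficient shares");
        shares[msg.sender] -= amount;           // update state before the external call
        IYieldSource(source).withdraw(amount);
    }
}
```

The defensive takeaway is that a contract address supplied by an untrusted caller must never be treated as a trusted integration, and balances or prices must not be taken on faith from whatever contract sits at that address.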

The hacker’s wallet currently holds 4,005 ETH worth over $15,000,000, but a portion of those funds appears to be from a separate exploit.

Like many before him, the attacker appears to have considered sending a message to the Rari team, but cancelled the transaction. Because he paid a low gas fee, however, observers were able to notice the message as a pending transaction before it was cancelled:

The hacker has left a base64-encoded message saying: rari=REKT alpha=ok # saved rari 6m https://t.co/WQpiPksDOX

— banteg (@bantg) May 8, 2021

While taking the aborted victory lap, the attacker’s message also seemed to imply that the Alpha Homora team prevented an additional $6 million drain.

Already users are taking to Twitter to speculate about what form the team’s compensation plan might take. Compensating users affected by hacks and exploits is becoming an increasingly common practice, most recently with EasyFi revealing their compensation plan after a crippling $60 million exploit.

The Rari Capital team has often been a target of both community support and derision. The team is notably young, with one developer reportedly being 15 years old. One of their key investors, Twitter user Tetranode, joked on a recent Up Only podcast that, despite only being middle-aged, the team frequently and playfully taunts him as a “boomer.”

As such, while some have criticized the team and attempted to blame youthful inexperience for the attack, others have noted that security practices in DeFi are continually evolving and have been quick to voice support for the team, including SushiSwap CTO Joseph Delong:

This is a tragedy, we love that team

— Jo-sofa De-lounge (@josephdelong) May 8, 2021

$RGT, Rari's governance token, is down 23.24% to $13.35 on the news. 
