Skip to main content

Rari Fuze hacker offered $10M bounty by Fei Protocol to return $80M loot

DeFi investigator BlockSec’s monitoring system detected a loss of more than $80 million — citing the root cause as a typical reentrancy vulnerability.

Decentralized finance (DeFi) platform Fei Protocol offered a $10 million bounty to hackers in an attempt to negotiate and retrieve a major chunk of the stolen funds from various Rari Fuse pools worth $79,348,385.61 or nearly $80 million.

On April 30, Fei Protocol informed its investors about an exploit across numerous Rari Capital Fuse pools while requesting the hackers to return the stolen funds against a $10 million bounty and a ‘no questions asked’ commitment.

While the exact losses from the exploit were not officially released, DeFi investigator BlockSec’s monitoring system detected a loss of more than $80 million — citing the root cause as a typical reentrancy vulnerability. While reentrancy bugs have been the main culprit in many exploits within the DeFi ecosystem, the $80 million loot makes the Fei Protocol exploit one of the largest reentrancy hacks ever.

Invocation flow. Source: BlockSec

Upon further investigations, Rari developer Jack Longarzo revealed a total of six vulnerable pools (8, 18, 27, 127, 144, 146, 156) that have been temporarily paused while an internal fix is underway. At the time of writing, Rari’s internal and external security engineers partnered with DeFi service provider Compound Treasury to further investigate and neutralize the hack.

Providing further insights into the development, blockchain investigator PeckShield narrowed down the exploit to a reentrancy bug, which allows hackers to use a function and make external calls to another untrusted contract.

Security-focused ranking platform CertiK told Cointelegraph that the attacker has sent 5400 Ether (ETH) (~$15,298,900) to Tornado Cash and still holds $64,245,245.43 (22,672.97 ETH) in their wallet. The attack has drained funds from the Rari pool whilst the Fei Pools (Tribe, Curve) remain unaffected.

Last year, in May 8, 2021, Rari Capital became victim to a high-priced exploit that was related to an integration with Alpha Venture DAO (previously Alpha Finance Lab). At the time of reporting, there have been no official announcements from the Fei Protocol team on the results of their investigation.

Related: Plan for $1M bug bounties and double the nodes in wake of $600M Ronin hack

As the crypto community goes through an ever evolving battle against hackers, numerous projects and protocols have decided to amp up their security measures. On April 28, the Ronin Network and Sky Mavis revealed plans to upgrade their smart contracts — following the $600 million hack in the previous month.

The Federal Bureau of Investigation (FBI) attributed the attack to North Korea-based and state-sponsored hacking group Lazurus, as it fired off a warning to other crypto and blockchain organizations.



from https://ift.tt/hCZvqjQ
https://ift.tt/S7NeEnJ
Labels:

Comments

Post a Comment

Any questions, Please.

Popular posts from this blog

How Social Platform Chingari is Using Web 3.0 to Transform the Traditional Way We Use Social Media

The world is changing. This isn’t news to anyone, but sometimes it is nice to realize that—contrary to news headlines—not all the change is bad.  In fact, the last decade has seen so much innovation and so many improvements to technology that even 2015 seems like a different world.  Internet speeds, connecting with anyone globally (for free), and our ability to reach large groups of people without a middleman is nothing short of revolutionary. When it comes to technology evolution, this often happens with different iterations.  Once a system is mature, there’s a better idea of what we would like to change and improve.  We go back to the drawing board, target our creative minds at the issues, and create a new version that has evolved to better meet our needs.  The Internet has followed this model since its inception, evolving through three distinct stages.  We are only at the cusp of the third stage, called Web 3.0, with technologies such as blockchain and ...
Post a Comment
Read more

Five Bitcoin Price Charts Analyzing The Dramatic Q1 2022 Conclusion

There are only hours remaining until the Q1 2022 close in Bitcoin price action. With the important quarterly candle set to close tonight, let’s look at what technicals might say about the direction of the next quarter. Q1 2022 Comes To A Close For Bitcoin The first quarter of a year, often sets the tone for the year to come. In investments, a poor Q1 performance is indicative of a bad year ahead. Considering the fact that Bitcoin price is now above $45,000 after touching $32,000 this quarter, it is tough to say the performance has been “poor” by anything other than crypto standards. Related Reading | Bitcoin Weekly Momentum Flips Bullish For First Time In 2022 The cryptocurrency has recovered nearly 40% from the low, leaving a long wick behind. Such a long wick suggests that before the quarter came to a close, buyers stepped up in a major way. Buyers were able to step up in a larger capacity in Q1 2022 than bears were able to in the final quarter of last year. The bearish wick to cl...
Post a Comment
Read more

ENS DAO delegates offer perspective on DAO governance and decentralized identity

AlphaWallet CEO and Spruce co-founder talk about their roles as contributors to the Ethereum Name Service following the project's recent airdrop. Earlier this month, the Ethereum Name Service, or ENS, formed a decentralized autonomous organization, or DAO, for the ENS community.  Cointelegraph spoke to two ENS DAO delegates who applied for the opportunity to represent the community and stay involved in the decision making process: Victor Zhang, CEO of AlphaWallet, an open source Ethereum wallet, and Gregory Rocco, co-founder of Spruce, a decentralized ID and data toolkit for developers. Zhang spoke about his experience as an external contributor to ENS and an early supporter since 2018. Zhang initially sought to help ENS by offering Alpha Wallet as a user-friendly tool for  resolving .eth names and cryptocurrency wallet addresses. Essentially, if a user inputs an .eth name in the AlphaWallet, it will show the wallet address, and vice versa using reverse resolution. Alpha...
Post a Comment
Read more