The attacker used a 59,000 ETH flash loan from another DeFi platform. Rari Capital will reimburse those affected with its governance token, RGT.

A new attack on a decentralized finance (DeFi) platform caused millions in losses this weekend. The new victim is Rari Capital, a DeFi platform whose main protocol operates on the Ethereum blockchain.

Rari Capital itself reported the attack through its Twitter account. According to the team's post, the hack is closely related to the platform's integration with Alpha Finance Lab, another DeFi platform with which Rari Capital shares connections.

The attacker managed to keep 2,600 ether (ETH) from the protocol, which is equivalent to more than 10 million dollars based on the price of the Ethereum cryptocurrency: more than $4,000.

An investigation explains how the attack on Rari Capital worked. The hacker carried out the theft by exploiting a vulnerability in the platform.

The Modus Operandi: A Corruption in the System

The criminal took out a 59,000 ETH flash loan from another DeFi platform, dYdX. He then deposited those funds into Rari Capital, inflated the ibETH pair (which earns interest for ETH held in Alpha Homora and which Rari uses to generate profits in its protocol), and corrupted the system in order to withdraw more money than he had deposited in the previous operation.

The attacker withdrew the 59,000 ETH he had initially sent, plus the profit, paid off his flash loan on dYdX, and kept the difference. The address identified as the destination of the stolen funds has already been emptied. Currently, just over 0.3 ETH (about $1,400) is left in it.

After the attack, the decision was made to refund the stolen money using the platform's governance token, RGT. A total of 2 million RGT will be allocated, an amount that was initially meant to go to the growth of the protocol team and developers as an incentive. According to Jai Bhavnani, founder of Rari, these funds will serve to repay lost funds and will also act as a reward for those who provided support during the attack.

DeFi Seems to Have Many Vulnerabilities

Although the frequency of attacks like this on DeFi platforms seemed to have decreased, this is the third multimillion-dollar hack in a matter of weeks. The other two both targeted DeFi platforms on the Binance Smart Chain.

Both chains work with a set of simple procedures for creating DeFi platforms. Given how quickly these platforms are launched to market, they usually come with vulnerabilities of all kinds. In these three attacks, nearly $100 million has been lost.

The recent increase in ransomware crimes is directly related to the constant rise of bitcoin and other cryptocurrencies, says the study, arguing that payments in these currencies are hard to detect and to tie to a specific individual.

The report also highlights that criminals who commit ransomware attacks usually demand payments in bitcoin, which are not received directly; these funds pass through a series of mixing services to avoid detection of the final destination, says RTF.

By: Jenson Nuñez
