Decentralized finance (DeFi) platform Raft has suffered a hack resulting in the loss of approximately $3.3 million in Ethereum ( ETH).
However, the attacker’s attempt to profit from the heist may have backfired, as they incurred a loss themselves.
On-chain data reveals that the hacker drained 1,577 ETH from Raft and subsequently sent 1,570 ETH to a burn address, effectively destroying the majority of the stolen assets.
Only 7 ETH remained in the attacker’s possession.
Prior to the attack, the hacker’s address had received 18 ETH through the use of a crypto mixer service called Tornado Cash, likely to fund the transactions.
After executing the transfers and paying the associated blockchain fees, the attacker’s crypto wallet was left with a mere 14 ETH, resulting in a loss of 4 ETH overall.
Following the incident, Raft’s R dollar-pegged stablecoin experienced a significant drop.
Initially valued at $1, it plummeted by 50% but later recovered to around 70 cents, according to Coinmarketcap data.
David Garai, co-founder of Raft, confirmed the attack in a post on the social media platform X (formerly Twitter).
Garai explained that the exploiter minted R tokens, which were subsequently sold to drain liquidity from automated market makers. Simultaneously, collateral was withdrawn from Raft.
“There’s been an exploit situation for Raft where the exploiter minted R (which was then sold to drain AMM liquidity), and also managed to withdraw collateral at the same time.”
There’s been an exploit situation for @raft_fi where the exploiter minted R (which was then sold to drain AMM liquidity), and also managed to withdraw collateral at the same time
We are investigating – post-mortem will follow soon
— DG (@davgarai) November 10, 2023
In an effort to mitigate the impact on users, Garai stated that they are using the protocol-owned sDAI in the Peg Stability Module to compensate affected individuals.
Raft functions as a DeFi lending platform and issues the R stablecoin, which is collateralized by liquid staking ether (ETH) derivatives such as Lido’s stETH. Users have the ability to mint R tokens by locking up ETH derivatives.
Poloniex Wallet Drained of $114 Million
Raft’s hack marked the second major crypto exploit on the same day. Earlier, an attacker drained approximately $114 million in digital assets from the centralized exchange Poloniex.
The hacker deployed two wallets sending stolen funds in sequence before swapping them for USD Coin ( USDC) using the Metamask swapping feature.
Following the disclosure of the hack, the company’s Customer Support announced on X that the wallet has been disabled in the meantime.
Our wallet has been disabled for maintenance. We will update this thread once the wallet has been re-enabled.
— Poloniex Customer Support (@PoloSupport) November 10, 2023
The recent incidents come as hacks and scams continue to plague the crypto industry.
According to a report by blockchain security platform Immunefi, there were 76 hacks on crypto and Web3 projects and firms in Q3 2023, a significant increase compared to the 30 hacks reported in the same period in 2022.
In total, approximately $332 million has been lost to various exploits, hacks, and scams throughout September, marking a record-high month for crypto exploits.
Read the full article here