In a latest exploit, DeFi protocol Raft has lost approximately $3.3 million in ETH by the hacker abusing its R stablecoin.
Raft shared a post confirming the vulnerability and paused the minting of R stablecoin.
Update: Further minting of R has been paused.Existing users are still able to repay their positions and receive their collateral.
— Raft (@raft_fi) November 10, 2023
In order to execute the exploit, the hacker created a set of inter-connected contracts and used just 2 cbETH initially and minted 3000 R. Then the hacker took a 1000 ETH flashloan to exploit the inflation index logic.
However, unlike other exploits where stolen funds are sent to crypto mixers, this time it seems something unusual. While receiving 1577 ETH through exploiting Raft, the hacker pulled 18 ETH from the crypto mixer Tornado Cash. The hacker surprisingly burned 1570 ETH in a subsequent transaction and now only left with 14 ETH.
Hacker has apparently taken a loss of 4 ETH if additionally ETH sent via Tornado Cash is subtracted.
Igor Igamberdiev, the Head of Research at Wintermute, said that the code for converting R to ETH was called from a separate contract which also had a parent contract with no receiver contract detail. “So, instead of sending ETH to the attacker, coins went to the null address, which has no private key,” Igor said.
Read More
- KUNCI PREDICTION. KUNCI cryptocurrency
- MDT PREDICTION. MDT cryptocurrency
- Ethereum price prediction: is the bullish trend sustainable?
- OPUL PREDICTION. OPUL cryptocurrency
- Nearly $6.5b in Bitcoin and Ethereum options are set to expire
- EU Seeks to Enhance Crypto AML/CFT Compliance Standards
- CZ’s Exit from Binance: Is it the End of an Era or a Fresh Start?
- ICE PREDICTION. ICE cryptocurrency
- Bitcoin holder claims hacker stole 139 BTC, paid record $3m in fees
- CAST PREDICTION. CAST cryptocurrency