Fintechs.fi

Fintech & Crypto News

Raft DeFi Platform Recovers After $3.3M Exploit and Stablecoin Depegging

In a startling turn of events, Raft, a prominent decentralised finance (DeFi) platform, recently faced a security breach that led to a $3.3 million exploit, resulting in the depegging of its stablecoin, R. This incident sent shockwaves through the crypto community, highlighting the vulnerability of DeFi platforms. However, as we delve deeper into the details, it becomes clear that the hacker behind the attack might have incurred substantial losses, offering a glimmer of hope for Raft and its users.

The Exploit and its Aftermath

On the fateful day, Raft suffered a significant breach, with the attacker managing to drain 1,577 ETH from the platform. The stolen assets, however, did not end up in the attacker’s hands. Instead, a coding error led to these funds being sent to a null address, rendering them inaccessible. This unusual twist meant that the attacker only walked away with a meagre 7 ETH, ultimately facing a net loss of 4 ETH on the entire operation.

Raft’s native stablecoin, R, bore the brunt of the exploit, as it quickly lost its dollar peg, plummeting by as much as 50%. The coin, typically valued at $1, was trading at a mere $0.18 at its lowest point before eventually stabilising around $0.70.

The Hacker’s Unconventional Actions

In a departure from the typical modus operandi of crypto hackers, the individual responsible for this exploit exhibited unusual behaviour. Instead of attempting to obscure the stolen funds using crypto mixers, the hacker unexpectedly moved by burning 1,570 ETH in a subsequent transaction. This move left them with a mere 14 ETH, reflecting the hacker’s surprising willingness to incur losses.

Igor Igamberdiev, Wintermute’s Head of Research, shed light on the exploit’s technical details. The attacker utilised interconnected contracts and initially minted 3,000 R tokens using only two cbETH. Subsequently, a 1,000 ETH flash loan was taken to manipulate the inflation index logic. However, the critical error occurred when the code for converting R to ETH was called from a separate contract with a parent contract that lacked receiver contract details. This misstep resulted in the diverted ETH being sent to a null address, effectively nullifying the attacker’s gains.

Raft’s Response and Recovery

Raft’s co-founder, David Garai, acknowledged the attack and assured users that efforts were underway to mitigate the damage. The protocol-owned sDAI in the Peg Stability Module is being leveraged to restore affected users’ funds. While this incident highlights the vulnerabilities within the DeFi space, it also underscores the resilience of platforms like Raft in responding to such challenges.

Conclusion

The Raft exploit is a stark reminder of the ever-present risks in the world of DeFi. While the initial shockwave of the attack led to the depegging of the R stablecoin, the hacker’s unexpected losses offer a silver lining. This incident emphasises the importance of robust security measures within the DeFi sector and showcases the determination of platforms like Raft to safeguard their users’ interests. As the crypto community watches closely, the industry’s response to such events will undoubtedly shape the future of decentralised finance.