DeFi vulnerability leading to $6.7M exploit ‘not found’ by auditors
Decentralized US dollar stablecoin protocol Raft says it suffered a security exploit that cost the company $6.7 million last week despite multiple security audits.
According to the posthumous report of the project on November 13, a few days ago a hacker borrowed 6,000 Coinbase-wrapped staked Ether (cbETH) on the decentralized financial protocol Aave, transferred the sum to Raft and 6.7 million R tokens, Raft's stablecoin. , using a smart contract bug.
Decentralized foreign exchange balancer and Uniswap were swapped from the platform for liquidity pools, earning $3.6 million in unsanctioned pooled funds. The R stablecoin spawned after the attack.
According to the report:
“The root cause was a miscalculation issue during the creation of share tokens, which allowed the exploiter to obtain more share tokens. The attacker used the inflated value of the index to increase the value of their shares.
The smart contracts used during the crash were audited by blockchain security firms Trail of Bits and Hats Finance. “Unfortunately, the weaknesses that caused the incident were not found in these audits,” Raft wrote.
The project has filed a police report since November 10 and is working with the central exchange to track the flow of stolen money. All Raft smart contracts are currently suspended, although users who have made R will retain the ability to “pay their positions and receive their holdings.”
Decentralized stablecoins are created as collateral for users' crypto deposits. In the year In December 2022, the decentralized stablecoin HAY was pegged to the US dollar after a hacker exploited a smart contract flaw and illegally took 16 million Hay. The HAY stablecoin has since been deprecated, in part due to the protocol's exploits at 152% as part of risk management.
We know there is a security vulnerability.
We are currently investigating and will provide an update as soon as possible.
— Raft (@raft_fi) November 10, 2023
Related: September will be the biggest month for crypto mining in 2023.
