Fei protocol, an Ethereum-based decentralized exchange, has suffered an extensive security breach a year after it merged with RAri Capital, a lending and borrowing protocol, smart contract analysis firm Blocksec reported on Saturday.
Fei Protocol Losses $80M to Hackers
According to Blocksec, multiple pools related to Fei Protocol and RAri Capital were exploited and more than $80 million worth of crypto assets were stolen. The blockchain security firm also noted that the attack was inspired by a re-entrance vulnerability.
A re-entrance attack occurs when a smart contract is intercepted from executing transactions and then a fresh transaction is initiated and finally directed to a different wallet.
Following reports of the attack, Fei Protocol announced that they are aware of the security breach, noting that all activities have been suspended temporarily on the affected pools to mitigate further damage. The project also offered a $10 million bounty to the hackers to return the stolen funds.
We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage.
To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds.
— Fei Protocol (@feiprotocol) April 30, 2022
Although the attackers are yet to respond to Fei’s request, Lei Wu, chief technical officer at Blocksec, disclosed that the hackers had already moved part of the funds to Tornado Cash, a platform that allows users to conceal transactions by executing several transactions from different sources at a time. Wu also confirmed that up to 5,400 ETH (about $15 million) have been moved to the mixer.
More DeFi Hacks
The DeFi industry has no doubt become a favorite playground for hackers. Earlier this week, Deus Finance was drained of $13million through a flash loan exploit. According to the report, the hackers manipulated the price oracle of the USDC/DEI pool before the operation was carried out.
On April 2, DeFi protocol Inverse Finance suffered a similar attack and lost $15 million worth of assets.
In January, it was BNB Chain-based DeFi project Qubit Finance. The platform lost over $80 million worth of crypto assets to hackers.
