Decentralized finance (DeFi) protocol Rubic has lost nearly $1.4 million to a security breach on Christmas Day The masterminds have already transferred 1,100 ETH of the exploited funds to cryptocurrency mixing protocol Tornado Cash, according to a report by PeckShield.
Rubic Exchange is a multichain DEX aggregator that offers peer-to-peer trading, instant token swaps, and limit orders. The DeFi protocol allows users to create their token bridge and allow users to make deposits using fiat on-ramp. Rubic’s official website shows Certik and Fairyproof had audited the protocol before the attack.
Rubic Makes USDC Router Mistake
The hackers exploited Rubic when the project’s team mistakenly added USDC to supported routers. This allowed the attackers to gain access to the protocol’s routers and loot user funds.
The exploiters were also able to drain the funds from users due to a lack of validation in routerCallNative. The affected users have approvals from the RubicProxy.
Rubic Confirms Attack
Rubic confirmed the attack in a tweet on its official Twitter handle, stating that one of its routing contracts might have been compromised. Rubic also confirmed that their token and DEX liquidity was intact and not lost in the attack.
The project added that it would stop other contracts until it fully understood the situation and pleaded with users to continue using their platforms.
Increasing Concerns Over DeFi Hacks
The increased attacks on blockchain bridges and the vulnerability of routers are becoming a fear for investors. The recent attacks on routers have increased in recent times, exposing the permeability of the bridges.
Rubic attack has added to the numerous hacks on routers this year. Earlier this year, Axie Infinity’s Ronin was exploited, incurring a loss of $615 million. Nomad has also lost $200 million to hackers this year.
Most of these hacks can be traced to poor validation in the network, as the hackers need to break a few layers of protection to transfer assets out of the bridge.
