In a recent hacking attack, the DeFi protocol Rari Capital lost funds worth around $11 million, resulting in heavy devaluation.
Rari Capital is a DeFi protocol designed to build optimized yield vaults while also giving users the opportunity to borrow and lend niche tokens. Recently, the team at Rari Capital integrated the Ethereum-based ibETH token from Alpha Finance, but unfortunately, it got hacked.
Flash Loan method becoming a problem for DeFi
The hack targeted the contract that is used to deposit Ethereum into the ibETH pool at Alpha Finance. Funds from Alpha Finance were safe, but the ETH pool was heavily exploited, losing a massive 2600 Ethereum worth more than $10 million. The flash loan exploit came into action yet again. The hackers used flash loans from dYdX to create a fake increase in the value of the Ethereum pool on Rari Capital. This exploitation technique has been used before on another DeFi platform as well. Flash loans are used to push token prices to absurd levels for a specific amount of time. Because ibETH is connected to Rari’s ETH pool, the effect carried over to Rari’s pool as well.
The ‘work’ function, which according to Rari should be impossible to activate, was somehow activated by the hackers. This function helped them withdraw all of the Ethereum from the pool. The hackers also left a note behind, saying that Alpha Finance’s fast response saved an additional $6 million worth of user funds. This shows how the hackers had full control over the network for a short amount of time.
Alpha Finance’s Negligence
Although no one should be blamed for this incident, this problem could have been avoided if Alpha Finance had closely checked the security of the integration involving Rari Capital. Alpha Finance has been targeted in the past through the same type of vulnerability in integrations. Alpha Finance has said that it will fix all of the bugs that can be used to exploit its network.
Rari’s Recovery
After the attack, Rari Capital’s native token fell drastically from $18 to around $10. Despite the massive loss, the team at Rari Capital has assured its users that it is working on compensating those who lost their funds. Rari Capital has also said that it will take a deep look back into its system to find any exploitation opportunities, especially when dealing with contracts.