DeFi vulnerability resulting in $6.7M exploit ‘not detected’ by auditors

by Jeremy November 13, 2023

Decentralized U.S. greenback stablecoin protocol Raft claims that regardless of a number of safety audits, the agency nonetheless suffered a safety exploit resulting in the lack of $6.7 million final week.

In keeping with the challenge’s Nov. 13 autopsy report, a number of days prior, a hacker borrowed 6,000 Coinbase-wrapped staked Ether (cbETH) on decentralized finance protocol Aave, transferred the sum to Raft, and minted 6.7 million Raft stablecoin, dubbed “R,” utilizing a wise contract glitch.

The unauthorized minted funds have been then swapped off the platform by means of liquidity swimming pools on decentralized exchanges Balancer and Uniswap, netting $3.6 million in proceeds. The R stablecoin depegged after the assault.

In keeping with the report:

“The first root trigger was a precision calculation concern when minting share tokens, which enabled the exploiter to acquire additional share tokens. The attacker leveraged the amplified index worth to extend the value of their shares.”

The good contracts exploited throughout the incident have been audited by blockchain safety companies Path of Bits and Hats Finance. “Sadly, the vulnerabilities that led to the incident weren’t detected in these audits,” Raft builders wrote.

The challenge says that because the Nov. 10 incident it has filed a police report and is presently working with centralized exchanges to trace down the circulate of the stolen funds. All Raft’s good contracts are presently suspended, although customers who minted R “retain the flexibility to repay their positions and retrieve their collateral.”

Decentralized stablecoins are minted utilizing customers’ crypto deposits as collateral. Final December, decentralized stablecoin HAY depegged towards the U.S. greenback after a hacker took benefit of a wise contract glitch and minted 16 million HAY with out correct collateral. The HAY stablecoin has since re-pegged, partly, as a result of protocol requiring a collateralization ratio of 152% on the time of exploit as a part of danger administration.

We’re conscious of a possible safety vulnerability.

We’re presently investigating and can present an replace as quickly as we are able to.

— Raft (@raft_fi) November 10, 2023

Associated: September turns into the most important month for crypto exploits in 2023

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

DeFi vulnerability resulting in $6.7M exploit ‘not detected’ by auditors

Binance Deployer-Linked Pockets Suffers $27M USDT Theft

Bitcoin fund holdings hit report excessive as ETF anticipation stirs optimism

Related Posts