Rari itself was the victim of an $11 million hack in May 2021. In 2020, the reentrancy hack of the project caused a loss of around $25 million. Other hacks include, in 2021, a $600 million Grim Finance exploit, a $130 million hack in CREAM.Finance - which was breached three times that year - and a $7.2 million BurgerSwap hack. The most famous reentrancy hack was the $60 million to $70 million DAO incident of 2016. This latest one, Wu says, may be the "biggest ever loss in terms of value."
There have been several reentrancy flaw attacks in the past, including many that have resulted in significant losses. By deploying this attack on multiple pools, the hacker was able to drain an enormous amount of funds from the protocol," Gu says. This then creates a window of opportunity for a hacker to call the smart contract again and reinitiate the transaction before its balance has been updated.
#Moviestarplanet hacks with no surveys code
This is possible as there was a loophole in the smart contract code whereby the smart contract only updates its balance after sending out the funds.
In this case, "this essentially means the hacker was able to initiate a transaction by using ETH as collateral, and then reclaim the deposited ETH without paying back the borrowed funds. "This is a typical reentrancy vulnerability," he says.ĬertiK co-founder Ronghui Gu tells ISMG that a reentrancy attack happens when a hacker is able to exploit a vulnerability in a smart contract to force it to continually mint and send tokens in a transaction to a malicious wallet. Wu also says the hackers exploited a reentrancy vulnerability to steal the funds. Such an incentive may not be fair to the real white hats." Reentrancy Vulnerability Wu tells ISMG that members of the security community "do not encourage such a behavior because it seems to be an incentive for the attackers. Many cybersecurity professionals, including BlockSec CTO Lei Wu, do not condone the DeFi platforms' move to offer the hackers who stole the funds a bounty. Rari Capital too has offered an explanation of the hack, including the flaw's origins and future steps, and more details have been disclosed on the Rari developer's tweet thread.įei Protocol, its founder Joey Santoro, and Rari Capital have not responded to ISMG's request for additional details and comment. Midas Capital, a fork of Rari Capital, has disclosed the technical details of how and why the attack happened. Blockchain security firm CertiK also confirms this to ISMG, adding that the hacker is already moving funds to Tornado Cash, a privacy protocol that obfuscates the flow of funds. Neither of the platforms provided details on the amount of funds stolen.īlockchain security firm BlockSec, however, tells Information Security Media Group that about $80 million was stolen from the platform. The Rari team, and the rest of the Tribe, are working mitigate the loss and recover exploited funds, and will provide updates as soon as they are available.- Jack Longarzo April 30, 2022 Borrowing has been paused globally and no further funds are at risk. Rari is aware of an exploit on various Fuse pools. Even as the company is "still investigating the Fuse exploit alongside security experts," it has currently disabled borrowing. The funds, it says, were stolen from Rari Fuse, which is a customizable, open interest rate protocol that allows users to lend and borrow digital assets.
See Also: Live Webinar Tomorrow | Remote Employees & the Great Resignation: How Are You Managing Insider Threats? Decentralized finance platform Fei Protocol has offered a $10 million "no questions asked" bounty to hackers in an attempt to recover some of the funds stolen from its recently merged decentralized autonomous organization partner Rari Capital.
0 kommentar(er)
