Ethereum: $80 million stolen in one click, Rari Capital looted

Funds are not safe. The decentralized finance (DeFi) ecosystem has grown considerably and now counts several thousand protocols. In practice, the code of most of them was copied from other protocols. Unfortunately, some developers inadvertently introduce vulnerabilities while copying and modifying that code, putting users' money at risk. The Fuse protocol, run by Rari Capital, learned this the hard way during a hack this weekend.

Rari Capital's Fuse: an $80 million hack

Fuse is a decentralized finance protocol on Ethereum developed by Rari Capital. It offers a decentralized lending and savings service. In practice, Fuse is nothing more than a fork of the Compound protocol's code, to which changes have been made.

On Saturday, April 30, the team at BlockSec, a company specializing in blockchain analysis, announced that it had detected an attack targeting the Fuse protocol. At the time of the announcement, the loot amounted to $80 million.

BlockSec's hacking announcement – Source: Twitter.

Subsequently, several Internet users raised concerns about the vulnerability of the Fuse instance deployed on Arbitrum. Although Rari's team stated that "no Arbitrum pool is vulnerable," the attacker quickly took advantage of it. In all, 100 ETH, or $290,000, was drained by the attacker on Arbitrum.

In total, the attacker stole 9 different assets, namely:

  • 6037 ETH;
  • 20,251,603 FEI;
  • 14,278,990 providers;
  • $1,948,952;
  • $10,055,556;
  • $132,959;
  • IAR 31,615;
  • 13,101,364 FRAX;
  • $2,765,891.

At the same time, the attack also hit the Fei protocol hard, the issuer of the stablecoin of the same name. Indeed, the protocol managed a pool in the Fuse market.


How the attack unfolded

For once, the attacker did not reinvent the wheel: the exploit relies on a so-called reentrancy vulnerability. This class of flaw arises when a function makes an external call that can call back into the contract before the first function has finished updating its state.

In the case of Fuse, the exitMarket() function allows a user to withdraw funds deposited as collateral. However, it does not perform the checks needed to guarantee that borrowed funds have been repaid.

Thus, the attacker was able to carry out the attack in 4 steps:

  • The attacker took a flash loan of 150,000,000 USDC and 50,000 WETH;
  • He deposited $150,000,000 as collateral into Fuse;
  • He borrowed 1977 ETH against that collateral;
  • Because the lend() function does not record the use of the collateral for the loan before transferring the funds, the attacker could reenter and call exitMarket() directly, allowing him to withdraw his collateral while keeping the loan.

These steps were then repeated on Fuse pools 8, 18, 27, 127, 144, 146 and 156. Once the pools were drained, the attacker repaid the flash loan and went on to send the funds through the Tornado Cash protocol in an attempt to launder them.
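To make the defect concrete from a defender's point of view, here is a toy lending market written for this article. It is not Fuse or Compound code: the names ToyMarket, enterMarket, borrow, repay and the 75% collateral factor are assumptions chosen for illustration. The comments show the weak ordering described above (collateral released or debt recorded only after the external ETH transfer), and the code shows the hardened form: state is updated before any external call, exitMarket() refuses to release collateral while a debt is outstanding, and a reentrancy guard closes the callback window.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the Fuse/Compound implementation.
// Models a single-asset (ETH) market: users deposit ETH as collateral,
// borrow ETH against it, repay, and exit (withdraw collateral).
contract ToyMarket {
    mapping(address => uint256) public collateral; // ETH deposited
    mapping(address => uint256) public borrowed;   // ETH owed
    mapping(address => bool) public inMarket;

    // Assumed collateral factor: a user may borrow up to 75% of collateral.
    uint256 public constant COLLATERAL_FACTOR_BPS = 7500;

    // Simple mutex: any nested call into a guarded function reverts,
    // so a fallback function triggered by an ETH transfer cannot reenter.
    bool private locked;
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    // Deposit ETH as collateral and enable it for borrowing.
    function enterMarket() external payable {
        require(msg.value > 0, "no collateral");
        collateral[msg.sender] += msg.value;
        inMarket[msg.sender] = true;
    }

    // Borrow ETH against deposited collateral.
    function borrow(uint256 amount) external nonReentrant {
        require(inMarket[msg.sender], "not in market");
        uint256 limit = (collateral[msg.sender] * COLLATERAL_FACTOR_BPS) / 10000;
        require(borrowed[msg.sender] + amount <= limit, "undercollateralized");

        // Weak pattern (what the article describes): transfer first, record
        // the debt afterwards. During the transfer the borrower's callback
        // still sees borrowed == 0 and could exit with the collateral.
        //
        //   (bool ok, ) = msg.sender.call{value: amount}("");
        //   require(ok, "transfer failed");
        //   borrowed[msg.sender] += amount;   // too late
        //
        // Hardened pattern (checks-effects-interactions): record the debt
        // before the external call, so any reentrant exitMarket() is rejected.
        borrowed[msg.sender] += amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Repay part or all of the outstanding debt.
    function repay() external payable {
        require(msg.value <= borrowed[msg.sender], "overpaying");
        borrowed[msg.sender] -= msg.value;
    }

    // Withdraw collateral and leave the market.
    // The check on borrowed[] is the one the article says was missing:
    // collateral must never be released while a debt is outstanding.
    function exitMarket() external nonReentrant {
        require(inMarket[msg.sender], "not in market");
        require(borrowed[msg.sender] == 0, "repay borrow first");

        uint256 amount = collateral[msg.sender];
        // Effects before interaction: zero the balance, then transfer.
        collateral[msg.sender] = 0;
        inMarket[msg.sender] = false;

        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Two independent defenses appear here on purpose. The debt check in exitMarket() is the business-logic fix; the checks-effects-interactions ordering and the nonReentrant guard are defense in depth, so that even a missed check elsewhere cannot be exploited through a callback during an ETH transfer. When reviewing a fork of a lending protocol, these are the three points to verify on every function that sends value: is state updated before the call, is the invariant (debt covered by collateral) checked on every path that releases collateral, and is there a guard against nested entry.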

Hope for a refund?

Unlike many attackers, the Fuse attacker did not send all of the money through Tornado Cash. Indeed, only $15 million was routed through the Tornado Cash protocol.

Soon, several rumors circulated that he was willing to return part of the money in exchange for a generous reward of $15 million.

For its part, Rari Capital has offered the attacker a $10 million reward. It now remains to wait for his answer.

Rari Capital is offering the attacker a $10 million reward.

Unfortunately for Fuse, its attacker was smarter than Zeed's. Indeed, the Zeed attacker forgot to collect his loot before self-destructing the contract used in the attack. As a result, $1 million is locked forever.
