Rari Fuse hacker offered $10M bounty by Fei Protocol to return $80M loot

Decentralized finance (DeFi) platform Fei Protocol offered a $10 million bounty to hackers in an attempt to negotiate and retrieve a significant portion of the funds stolen from various Rari Fuse pools, worth $79,348,385.61, or nearly $80 million.

On Saturday, Fei Protocol informed its investors of an exploit across numerous Rari Capital Fuse pools and asked the hackers to return the stolen funds in exchange for a $10 million bounty and a “no questions asked” commitment.

While the exact losses from the exploit were not officially released, DeFi investigator BlockSec’s monitoring system detected a loss of more than $80 million, citing a typical reentrancy vulnerability as the main cause. While reentrancy bugs have been the primary culprit in many exploits within the DeFi ecosystem, the $80 million loot makes the Fei Protocol exploit one of the largest reentrancy hacks ever.

Invocation flow. Source: BlockSec

Upon further investigation, Rari developer Jack Longarzo revealed as many as six vulnerable pools (8, 18, 27, 127, 144, 146, 156), which have been temporarily paused while an internal fix is underway. At the time of writing, Rari’s internal and external security engineers have partnered with DeFi company Compound Treasury to help investigate and neutralize the hack.

Providing further insight into the development, blockchain investigator PeckShield narrowed the exploit down to a reentrancy bug, which enables hackers to use a function that makes external calls to another untrusted contract.
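The bug class named above can be shown with a small Python model, added here as an illustration and not taken from Rari, Fei or any audited contract. The `Pool` class, its `borrow` function, the `on_receive` callback (standing in for the external call into untrusted code) and all amounts are constructed assumptions; the hardened variant records state before the external call and adds a reentrancy guard.

```python
class ReentrancyBlocked(Exception):
    """Raised by the hardened pool when borrow() is re-entered."""

class Pool:
    """Toy lending pool with one borrower (constructed model)."""
    def __init__(self, reserves, limit, hardened):
        self.reserves, self.limit, self.hardened = reserves, limit, hardened
        self.debt = 0        # recorded debt of the modelled borrower
        self.locked = False  # reentrancy guard flag

    def borrow(self, amount, on_receive):
        # on_receive models the external call into the recipient's own code.
        if self.hardened and self.locked:
            raise ReentrancyBlocked("borrow() re-entered during external call")
        if self.debt + amount > self.limit or amount > self.reserves:
            return False                 # check: over limit or no funds
        self.locked = True
        try:
            if self.hardened:
                self.debt += amount      # effect first ...
                self.reserves -= amount
                on_receive(self)         # ... interaction last
            else:
                self.reserves -= amount
                on_receive(self)         # interaction before the effect
                self.debt += amount      # debt is recorded too late
        finally:
            self.locked = False
        return True

def simulate(hardened, reentries=3):
    """Run one borrow whose recipient calls back into borrow()."""
    pool = Pool(reserves=1000, limit=100, hardened=hardened)
    state = {"left": reentries, "blocked": 0}

    def receiver(p):
        if state["left"] > 0:
            state["left"] -= 1
            try:
                p.borrow(100, receiver)
            except ReentrancyBlocked:
                state["blocked"] += 1

    pool.borrow(100, receiver)
    return {"paid_out": 1000 - pool.reserves, "debt": pool.debt,
            "limit": pool.limit, "blocked": state["blocked"]}
```

In the unguarded ordering the limit check always sees a debt of zero during the nested calls, so the pool pays out four times the limit; in the hardened ordering the nested call is rejected and the payout stays within it.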

Security-focused ranking platform CertiK told Cointelegraph that the attacker has sent 5400 Ether (ETH), or $15,298,900 at the time of writing, to Tornado Cash but still holds 22,672.97 ETH, or $64,245,245.43 at the time of writing, in their wallet. The attack has drained funds from the Rari pool, while the Fei pools (Tribe, Curve) remain unaffected.

Last year, on May 8, 2021, Rari Capital fell victim to a high-priced exploit related to its integration with Alpha Venture DAO, formerly Alpha Finance Lab. At the time of writing, there have been no official announcements from the Fei Protocol team about the outcome of their analysis.

Related: Plans for $1M bug bounties and double the number of nodes in wake of $600M Ronin hack

As the crypto community faces a constantly evolving fight against hackers, numerous projects and protocols have decided to step up their security measures. On Thursday, the Ronin Network and Sky Mavis revealed plans to upgrade their smart contracts, following a $600 million hack last month.

The United States Federal Bureau of Investigation (FBI) attributed the attack to the North Korea-based, state-backed hacking group Lazarus as it sent out an alert to other crypto and blockchain organizations.
