Decentralized finance (DeFi) startup Rari Capital is revealing the details behind the attack that cost 2,600 ETH, or roughly $10 million in losses.
Rari Capital, which owns a suite of products offering optimized yield vaults and lending pools, was the victim of a hack early this Saturday.
The targeted product was the team’s Ethereum mining pool that integrates with Alpha Finance’s ibETH token as one of their yield-generating strategies.
In a statement regarding the event, Rari Capital explains there was a weakness in the integration between their platform and Alpha Finance’s, which allowed the attacker to manipulate the code. The hacker was able to deposit into Rari’s Ethereum pool and then withdraw more than they deposited.
Rari Capital asserts that they were completely unaware of the fault in the code. The firm notes that the integration code was audited by blockchain security firm QuantStamp, but went unnoticed.
The total losses amounted to 60% of all the users’ funds inside the Ethereum Pool.
In the process of the attack, the hacker considered leaving a message behind, but changed their mind and canceled the transaction. However, crypto sleuths were able to catch the message written on the pending transaction before it was canceled.
The message read:
“rari=REKT alpha=ok # saved rari 6m.”
Presumably, the message suggests Alpha Finance in some way prevented the hacker from stealing an additional $6 million from Rari Capital.
In its blog post summarizing the series of events involved in the attack, Rari Capital vows to implement a list of changes necessary to prevent any further hacks. First on the list was a new process for integrating with any new protocols.
“Enlist the protocols we integrate to review our integrations of them for security. This is by far the most important security measure, as the protocols themselves know the code they wrote better than anyone else.”
Rari’s governance token, RGT, took a hit following the attack, dropping from $18.22 to a low of $10.02. It is now trading at $13.35 at time of writing.
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inboxFeatured Image: Shutterstock/Tithi Luadthong