Hackers are at it again, and this time they hit it big time.
According to a tweet from smart contract research company BlockSec, decentralized finance platform Fei Protocol and Rari Capital are the latest victims of cybercriminals.
Fei Protocol issued a $10 million bounty to hackers in an attempt to negotiate and recover a significant portion of the nearly $80 million in stolen funds from several Rari Fuse pools.
BlockSec disclosed that the hacker took advantage of a “reentrancy weakness” in Rari’s Fuse lending protocol.
In a tweet, BlockSec said:
“Our monitoring system identified many pools associated with Rari Capital and Fei Protocol as having been targeted, resulting in a loss of over $80 million.”
Fei is trading slightly below its peg, at $0.9894, late Sunday.
Same Type Of Vulnerability
According to a tweet from PeckShield, the same weakness has been exploited by hackers to target additional forks of the Compound DeFi protocol.
Fei, the algorithmic stablecoin dubbed the “Stablecoin for DeFei,” had also added liquidity to Rari Capital’s exploited pools.
On the other side, Rari Capital is a permissionless lending protocol that enables users to create Fuse pools for the purpose of supplying and borrowing ERC-20 tokens.
Based on CoinGecko data, Fei has a market capitalization of more than $500 million, making it the 11th largest stablecoin.
ETH total market cap at $322.5 billion on the weekend chart | Source: TradingView.com
Fei Hack One Of The Biggest In History
While reentrancy vulnerabilities have been the primary cause of numerous exploits by hackers inside the DeFi ecosystem, the Fei Protocol exploit’s $80 million loot makes it one of the biggest reentrancy hacks in history.
BlockSec posted a snapshot of the attack, with the phrase “One picture is worth a thousand words,” indicating that the hacker took crypto assets in Wrapped ETH.
Last year, Fei Protocol and Rari Capital joined forces following a unanimous vote in both communities. The consolidation was intended to help bootstrap liquidity for the Fuse pools, with FEI supplying the initial liquidity.
Hackers Busy Since Last Year
In May 2021, Rari Capital was the victim of a separate exploit, in which a cybercriminal stole $10.5 million in customer cash, or around 2,600 ETH.
To further analyze and neutralize the intrusion, Rari’s internal and external security engineers collaborated with DeFi service provider Compound Treasury.
As the crypto community battles fraudsters on an ongoing basis, various projects and protocols have decided to beef up their safety nets.
Last week, the Ronin Network and Sky Mavis announced intentions to improve their smart contracts in the aftermath of the previous month’s $600 million theft by hackers.