Raft Protocol Reports $6.7 Million Loss Due to Smart Contract Exploit Despite Prior Audits
Summary:
Raft, a decentralized US dollar stablecoin protocol, has reported a security exploit that resulted in a $6.7 million loss despite several audits. The hacker borrowed 6,000 Coinbase-secured staked Ether (cbETH) from the Aave decentralized finance protocol, transferred it to Raft and exploited a smart contract bug to mint 6.7 million Raft stablecoins. These unauthorized funds were exchanged for $3.6 million through decentralized exchanges. Raft is now working with law enforcement and centralized exchanges to trace the stolen funds. The incident underscores the ongoing security vulnerabilities in the crypto arena.
The decentralized US dollar stablecoin protocol, Raft, has disclosed a recent security breach which resulted in a loss of $6.7 million, despite undergoing several security audits. On November 13th, Raft released a detailed analysis of the event, stating that a hacker managed to loan 6,000 Coinbase-secured staked Ether (cbETH) from the Aave decentralized finance protocol. This loan was then transferred to Raft where the hacker exploited a smart contract error, successfully minting 6.7 million Raft stablecoins, aptly named "R”. The unauthorized funds were subsequently exchanged via liquidity pools on the decentralized exchanges Balancer and Uniswap, gaining an income of $3.6 million. Insiders note that the R stablecoin has since deviated from its pegged value following the event. According to the analysis, "The primary trigger was an accuracy issue during the generation of share tokens, which allowed the intruder to gain additional share tokens. The criminal manipulated the inflated index value to enhance the value of their shares." The compromised smart contracts had previously been scrutinized by blockchain security houses Trail of Bits and Hats Finance, yet the vulnerabilities remained undetected. The Raft team has since notified law enforcement agencies of the November 10 incident and is working closely with centralized exchanges to follow the path of the stolen funds. Currently, all of Raft's smart contracts have been placed on hold, despite users who minted R "still being able to settle their positions and claim their backing funds." Decentralized stablecoins are created using the direct deposit of users' cryptocurrency holdings. Simultaneously, last year, stablecoin HAY's tethered parity to the U.S. dollar was affected when a hacker manipulated a smart contract error and created 16 million HAY without the necessary backing. The HAY stablecoin has since been partly rescued thanks to the protocol requiring a collateral requirement ratio of 152% during the time of the event. "The potential security vulnerability has been detected, we are currently investigating and will release updates as soon as we can," said Raft.
Related: September marked the largest month for cryptocurrency breaches in 2023.
Published At
11/13/2023 6:02:21 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.