Decentralized Finance Platform Raft Falls Victim to $3.3M Ethereum Heist
Decentralized finance (DeFi) enclave Raft faced a significant setback as a hacking attempt resulted in the pilfering of around $3.3 million in Ethereum (ETH). The assailant’s ambitions to capitalize on the heist might have misfired, as they encountered a loss themselves.
On-chain data lays bare the hacker’s maneuvers: siphoning off 1,577 ETH from Raft, with a subsequent transfer of 1,570 ETH to a burn address, essentially obliterating the lion’s share of the purloined assets. Merely 7 ETH clung to the wrongdoer’s coffers.
Preceding the attack, the hacker’s wallet had accrued 18 ETH via the use of a crypto mixer service named Tornado Cash, presumably to underwrite the ensuing transactions. Post-execution of transfers and settling associated blockchain fees, the attacker’s crypto vault was left with a scant 14 ETH, resulting in an overall loss of 4 ETH.
David Garai, Raft’s co-founder, verified the incursion in a post on the social media platform X (previously Twitter). Garai elucidated that the exploiter minted R tokens, which were subsequently liquidated to drain automated market maker (AMM) liquidity, coupled with the concurrent withdrawal of collateral from Raft.
To mitigate the fallout on users, Garai indicated that they are leveraging the protocol-owned sDAI in the Peg Stability Module to indemnify affected individuals.
Raft, operating as a DeFi lending platform, issues the R stablecoin collateralized by liquid staking ether (ETH) derivatives like Lido’s stETH. Users can mint R tokens by locking up ETH derivatives.
In a synchronic and unsettling development on the same day, a perpetrator siphoned off roughly $114 million in digital assets from the centralized exchange Poloniex.
The assailant orchestrated a dual-wallet strategy, sequentially dispatching stolen funds before swapping them for USD Coin (USDC) using the Metamask swapping feature.
Following the revelation of the hack, Poloniex’s Customer Support proclaimed on X that the wallet has been temporarily disabled.
These recent incidents compound the persistent challenges faced by the crypto industry, grappling with an escalating number of hacks and scams. A report by blockchain security platform highlighted 76 hacks on crypto and Web3 projects and firms in Q3 2023, a stark surge from the 30 hacks reported in the same period in 2022.
The cumulative toll from various exploits, hacks, and scams in September alone reached approximately $332 million, marking a record-high month for crypto exploits.