Fei Protocol Rari Fuse Hacking Incident Losses Total $80 Million
Decentralized finance (DeFi) platform Fei Protocol has now offered a $10 million bounty to hackers who stole a reported $80 million. Fei Protocol informed its investors about a security incident involving Rari Capital Fuse pools. Exact investor losses have not been released, though DeFi investigator BlockSec’s monitoring system detected a loss of more than $80 million, noting the root cause as a reentrancy vulnerability.
This would make the Rari Fuse Fei Protocol incident one of the largest reentrancy hacks recorded. A reentrancy bug may have allowed hackers to make external calls to another unauthorized contract.
This is not the first hack targeting Rari Capital. In May 2021, Rari Capital became victim to a security exploit. The Crypto world is now ride with hacks and new projects and protocols have no choice but to bolster their security measures.
What is a Reentracy Attack?
Reentrancy attacks happen when a hacker exploits a vulnerability in a smart contract to force it to mint and send tokens in a transaction to a third-party wallet.
In the Fei Protocol Rari Fuse case, according to CertiK co-founder Ronghui Gu, “the hacker was able to initiate a transaction by using ETH as collateral, and then reclaim the deposited ETH without paying back the borrowed funds. This is possible as there was a loophole in the smart contract code whereby the smart contract only updates its balance after sending out the funds. This then creates a window of opportunity for a hacker to call the smart contract again and reinitiate the transaction before its balance has been updated. By deploying this attack on multiple pools, the hacker was able to drain an enormous amount of funds from the protocol.”
Rari Capital further explains the details of the security situation in a Medium posting.
How Common are Crypto Heists?
According to market analysts at Chainalysis, scammers and fraudsters stole $3.2 billion in various cryptocurrencies in 2021. But in the first four months of 2022, $2.9 billion worth of crypto has already been stolen.
The number of crypto heists has not changed dramatically, but the attacks have become larger, in part due to existence of more Decentralized Finance (DeFi) projects.
There are two primary ways criminals target cryptocurrency: stealing it directly, or using a scheme to trick people into handing it over.
Typically a cryptocurrency is held in a “wallet” with private keys. These keys are usually stored somewhere and hacked.
How Can Consumers Protect Crypto?
Unlike a bank, governments do not have a financial claims scheme to guarantee deposits if an exchange goes bankrupt or funds are lost. Crypto Exchange theft litigation may be the only way to recover funds.
One way consumers can protect themselves from theft is to transfer cryptocurrency from an exchange to a software wallet or a hardware wallet. But wallets require keys and if the private keys are lost, the cryptocurrency is lost.
Our lawyers are currently involved in a wide variety of data theft and privacy litigation nationwide. Contact The Lyon Firm for more information on the Fei protocol – Rari Capital class action or other crypto exchange theft litigation.