Crypto hackers have made away with $77 million in proceeds from a theft affecting the recently merged Fei protocol and Rari Capital. The incident is the most recent in a series of hacks that have been directed toward the merged DeFi platforms. Fei Protocol acknowledged a vulnerability that targeted many pools belonging to their affiliate partner Rari Capital. Fei founder Joey Santoro confirmed the breach in a post to the decentralized-finance project’s Discord server.
The message stated,
We have uncovered the fundamental cause and have suspended lending to prevent additional loss.
Fei promised the attacker a $10 million reward if they surrendered the rest of the money. He said they wouldn’t take action if the hacker surrendered the loot. Meanwhile, the culprit has begun transferring cryptocurrency to Tornado Cash, a site that enables users to conceal their activities. So far, almost 5,400 Ether coins have been moved, with a total value of about $15 million.
The breach is the latest to hit the DeFi system, which is supposed to let users borrow and lend digital assets anonymously without using intermediaries. Earlier, a breach on Wormhole, a communication channel between the Solana platform and other DeFi platforms, saw attackers make off with $320 million in cryptocurrency.
In a thread on Fei’s Discord, Santoro stated that the attacker siphoned funds from many Fuse pools by leveraging a so-called reentrancy weakness and vowed to release a complete post-mortem of the assault “after additional study.”
When a system’s smart contract calls a smart exterior contract, the exterior contract responds with a call back that tries to exploit a flaw in the last call’s code. According to a study by blockchain programmer Moralis, one of the most well-known examples of this type of hack is the 2016 hack on The DAO, which led the Ethereum blockchain to break in two.
Crypto hackers target DeFi
There have been several attacks on decentralized finance. In February, there was an attack on a conduit between Ethereum and Solana blockchains. The episode saw clients lose more than 320 million dollars. The attack remained to be the second largest on a decentralized finance platform.
DeFi is frequently commended for its safety and transparency. The innovative contract application on the blockchain is a feature that drives most entities to use it. Smart contracts, which are customizable chunks of code, can act as alternatives for financial institutions and lawyers in some types of business dealings. Problems arise when crypto enthusiasts shift their funds between blockchains, which necessitates the usage of a vulnerable bridge.
Hackers and scammers on a rampage
Cryptocurrency is a risky investment. Apart from its volatility, there are several cases of attacks and scams.
A lot of scandals and scams rock the crypto industry daily. It now seems like a day cannot pass in the crypto world without a scam or fraud case coming to the fore. Pieces of news discussing and touching on hacks, phishing attacks, and compromised wallets across the crypto streets have become commonplace.
Yet, this should not surprise you. Cryptocurrency and blockchain apply decentralization as their strength. Thus, there are low regulations. Most authorities are struggling to formulate rules to protect users and investors. So far, no central entity controls or regulates the blockchain industry. Cyber thieves often use “mixers,” that let anyone deposit cryptocurrency and “mix” it with other people’s crypto assets to conceal their activities.
With this gap, a lot of weight is placed on the user’s shoulders. It is expected of crypto users that they are mindful, responsible, informed, and duly educated on the best security measures before investing in crypto and non-fungible tokens.
Source: https://www.cryptopolitan.com/crypto-hackers-stole-77m-in-defi-attack/