Non Cult Crypto News

Non Cult Crypto News

in ,

DeFi vulnerability leading to $6.7M exploit ‘not detected’ by auditors

The project was previously audited by Trail of Bits and Hats Finance.

DeFi vulnerability leading to $6.7M exploit 'not detected' by auditors

Join us on social networks

Decentralized U.S. dollar stablecoin protocol Raft claims that despite multiple security audits, the firm still suffered a security exploit leading to the loss of $6.7 million last week.

According to the project’s Nov. 13 post-mortem report, a few days prior, a hacker borrowed 6,000 Coinbase-wrapped staked Ether (cbETH) on decentralized finance protocol Aave, transferred the sum to Raft, and minted 6.7 million Raft stablecoin, dubbed “R,” using a smart contract glitch.

The unauthorized minted funds were then swapped off the platform through liquidity pools on decentralized exchanges Balancer and Uniswap, netting $3.6 million in proceeds. The R stablecoin depegged after the attack. 

According to the report:

“The primary root cause was a precision calculation issue when minting share tokens, which enabled the exploiter to obtain extra share tokens. The attacker leveraged the amplified index value to increase the worth of their shares.”

The smart contracts exploited during the incident were audited by blockchain security firms Trail of Bits and Hats Finance. “Unfortunately, the vulnerabilities that led to the incident were not detected in these audits,” Raft developers wrote.

The project says that since the Nov. 10 incident it has filed a police report and is currently working with centralized exchanges to track down the flow of the stolen funds. All Raft’s smart contracts are currently suspended, though users who minted R “retain the ability to repay their positions and retrieve their collateral.”

Decentralized stablecoins are minted using users’ crypto deposits as collateral. Last December, decentralized stablecoin HAY depegged against the U.S. dollar after a hacker took advantage of a smart contract glitch and minted 16 million HAY without proper collateral. The HAY stablecoin has since re-pegged, in part, due to the protocol requiring a collateralization ratio of 152% at the time of exploit as part of risk management. 

Related: September becomes the biggest month for crypto exploits in 2023

This article first appeared at News

What do you think?

Written by Outside Source

Polygon shows ‘consistent growth’ in Q3, Nansen reports

How This Bitcoin Veteran Lost Nearly $1 Million in BTC After A Decade Of HODLing

Back to Top

Ad Blocker Detected!

We've detected an Ad Blocker on your system. Please consider disabling it for Non Cult Crypto News.

How to disable? Refresh

Log In

Or with username:

Forgot password?

Don't have an account? Register

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

To use social login you have to agree with the storage and handling of your data by this website.

Add to Collection

No Collections

Here you'll find all collections you've created before.