DeFi Platform Raft Hacked for $3.3 Million, Attacker Burns Most of Stolen ETH – Here’s What Happened

Source: Pixabay

Decentralized finance (DeFi) platform Raft has suffered a hack resulting in the loss of approximately $3.3 million in Ethereum ( ETH).

However, the attacker’s attempt to profit from the heist may have backfired, as they incurred a loss themselves.

On-chain data reveals that the hacker drained 1,577 ETH from Raft and subsequently sent 1,570 ETH to a burn address, effectively destroying the majority of the stolen assets.

Only 7 ETH remained in the attacker’s possession.

Prior to the attack, the hacker’s address had received 18 ETH through the use of a crypto mixer service called Tornado Cash, likely to fund the transactions.

After executing the transfers and paying the associated blockchain fees, the attacker’s crypto wallet was left with a mere 14 ETH, resulting in a loss of 4 ETH overall.

Following the incident, Raft’s R dollar-pegged stablecoin experienced a significant drop.

Initially valued at $1, it plummeted by 50% but later recovered to around 70 cents, according to Coinmarketcap data.

David Garai, co-founder of Raft, confirmed the attack in a post on the social media platform X (formerly Twitter).

Garai explained that the exploiter minted R tokens, which were subsequently sold to drain liquidity from automated market makers. Simultaneously, collateral was withdrawn from Raft.

“There’s been an exploit situation for Raft where the exploiter minted R (which was then sold to drain AMM liquidity), and also managed to withdraw collateral at the same time.”

There’s been an exploit situation for @raft_fi where the exploiter minted R (which was then sold to drain AMM liquidity), and also managed to withdraw collateral at the same time

We are investigating – post-mortem will follow soon

— DG (@davgarai) November 10, 2023

In an effort to mitigate the impact on users, Garai stated that they are using the protocol-owned sDAI in the Peg Stability Module to compensate affected individuals.

Raft functions as a DeFi lending platform and issues the R stablecoin, which is collateralized by liquid staking ether (ETH) derivatives such as Lido’s stETH. Users have the ability to mint R tokens by locking up ETH derivatives.

Poloniex Wallet Drained of $114 Million

Raft’s hack marked the second major crypto exploit on the same day. Earlier, an attacker drained approximately $114 million in digital assets from the centralized exchange Poloniex.

The hacker deployed two wallets sending stolen funds in sequence before swapping them for USD Coin ( USDC) using the Metamask swapping feature.

Following the disclosure of the hack, the company’s Customer Support announced on X that the wallet has been disabled in the meantime.

Our wallet has been disabled for maintenance. We will update this thread once the wallet has been re-enabled.

— Poloniex Customer Support (@PoloSupport) November 10, 2023

The recent incidents come as hacks and scams continue to plague the crypto industry.

According to a report by blockchain security platform Immunefi, there were 76 hacks on crypto and Web3 projects and firms in Q3 2023, a significant increase compared to the 30 hacks reported in the same period in 2022.

In total, approximately $332 million has been lost to various exploits, hacks, and scams throughout September, marking a record-high month for crypto exploits. 

Enter your email for our Free Daily Newsletter

A quick 3min read about today’s crypto news!

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top