Crypto hackers steal $77 million in attack on DeFi projects

tech.hindustantimes.com:

Crypto projects Rari Capital and Fei Protocol said they suffered a $77 million hack on Saturday, five months after their merger. An unverified Twitter account for Fei Protocol said it was aware of an exploit targeting various pools belonging to its merged partner Rari Capital. The tweet was verified by Fei founder Joey Santoro in a post to the decentralized-finance project’s Discord server. 

“We have identified the root cause and paused all borrowing to mitigate further damage,” the tweet said. Fei offered a $10 million bounty to the hacker if they returned the remaining user funds, “no questions asked.” Meanwhile, the hacker has already started moving crypto to Tornado Cash, a service that allows users to mask transactions, according to Lei Wu, chief technical officer of blockchain security firm BlockSec, and a review of activity on Etherscan.

The exploit is the latest to target a DeFi network, which is designed to allow users to bypass traditional intermediaries to borrow and lend digital assets with the added feature of anonymity. In February, hackers made off with $320 million worth of crypto after an attack on Wormhole, a communication bridge between the Solana blockchain and other DeFi networks.

Fei Protocol is focused on building an algorithmic stablecoin, pegged to the value of the U.S. dollar, that can be more easily used by decentralized autonomous organizations, or DAOs. Rari Capital allows investors to lend, borrow and “farm” high yields via a permissionless interest-rate protocol called Fuse. 

The hacker drained funds from several Fuse pools by exploiting a so-called reentrancy vulnerability, Santoro said in a post on Fei’s Discord, and promised to publish a detailed post-mortem of the attack “after further