After a recent $11 Mln attack earlier today, Rari Capital is among the latest DeFi [Decentralized Finance] protocol to fall victim to a high-priced cyber attack.
The platform, which builds optimized yield vaults and boutique lending pools, confirmed the attack within an official Tweet and revealed that a full postmortem is forthcoming:
According to whitehat hacker Emiliano Bonassi, the exploit appears to be an “evil contract” exploit, within which an attacker ‘tricks’ a contract into thinking a hostile contract should have access or permissions. Alpha Finance revealed within a Tweet that the hack was associated with Rari’s interest-bearing ibETH vault, but that no Alpha funds were at risk:
The hacker’s wallet presently holds 4,005 ETH worth over $15,000,000, but some of these funds appear to be from another exploit.
Like many before him, the attacker appears to possess considered sending a message to the Rari team but canceled the transaction. Because he paid a low gas fee, however, observers were able to notice the message as a pending transaction prior it had been canceled:
While taking the aborted lap of victory, the attacker’s message also appeared to imply that the Alpha Homura team prevented a further $6 Mln drain.
Already users are taking to Twitter to take a position about what form the team’s compensation plan might take. Compensating users suffering from hacks and exploits are becoming an increasingly common practice, lastly with EasyFi revealing their compensation plan after a crippling $60 Mln exploit.
The Rari Capital team has often been a target of both community support as well as derision. The team is notably young, with one developer reportedly being 15 yrs old. One among their key investors, Twitter user Tetranode, joked on an earlier Up Only podcast that, despite only being middle-aged, the team frequently & playfully taunts him as a “boomer.”
Additionally, while some have criticized the team and attempted responsible youthful inexperience for the attack, others have outlined that security practices in DeFi are continually evolving and are quick to voice support for the team, along with SushiSwap CTO Joseph Delong: