Fei Protocol and Rari Capital suffered a loss of over $800 million in a cybersecurity attack. BlockSec, a DeFi security firm, monitoring system detected an exploit of multiple streams connected to the decentralized finance protocols. The hacker took advantage of a reentrancy vulnerability.
Following the attack, Fei Protocol quickly paused all borrowing functions to mitigate further damage. It has also offered a $10 million bounty to the hacker, that is if he opts to return the stolen funds. But the hacker has started moving the crypto to Tornado Cash. Lei Wu, the chief technical officer of BlockSec, said about 5,400 Ether tokens – worth $15 million based on recent prices – have been transferred so far.
The exploit was carried through a reentrancy attack, which occurs when a protocol’s smart contract makes a call to an external smart contract. It is responded to by a return call from the external contract that seeks to exploit a vulnerability in the initial call’s code.
Fei Protocol tweeted that it aware of an exploit on various Rari Fuse pools. It identified the root cause and paused all borrowing to mitigate further damage. This incident is the latest to have targeted a DeFi network. Hackers made off with $320 million worth of crypto, in February, after an attack on Wormhole – a communication bridge between the Solana blockchain and other DeFi networks.
Fei Protocol, an algorithmic stablecoin, uses the Protocol Controlled Value (PCV) model to eliminate the risks of death spiral or seigniorage. This manages the stablecoin. It is pegged against the US dollar. Anything that affects the PCV assets could influence the peg. After the hack, the peg dropped 0.4% and is currently at $0.9982. Through Rari Capital, investors can lend, borrow and farm high yields through a permissionless interest-rate protocol called Fuse.