The decentralized finance (DeFi) platform Raft recently fell victim to a hack, resulting in the loss of around $3.3 million in Ethereum (ETH). However, the hacker’s attempt to profit from the heist seems to have backfired, as they incurred a loss themselves.
On-chain data indicates that the hacker drained 1,577 ETH from Raft but then proceeded to send 1,570 ETH to a burn address, effectively destroying the majority of the stolen assets. Consequently, only 7 ETH remained in the possession of the attacker.
Before the attack, the hacker’s address had received 18 ETH through the use of a crypto mixer service called Tornado Cash, likely as a means to obfuscate the origin of the funds involved in the transactions.
After executing the transfers and covering the associated blockchain fees, the attacker’s crypto wallet was left with only 14 ETH, resulting in an overall loss of 4 ETH.
Following the incident, Raft’s R dollar-pegged stablecoin saw a substantial decline. Initially valued at $1, it dropped by 50% but later recovered to around 70 cents, as per Coinmarketcap data.
David Garai, co-founder of Raft, confirmed the attack in a post on the social media platform X (formerly Twitter).
David Garai explained that the exploiter minted R tokens, which were subsequently sold to drain liquidity from automated market makers. Simultaneously, collateral was withdrawn from Raft.
“There’s been an exploit situation for Raft where the exploiter minted R (which was then sold to drain AMM liquidity), and also managed to withdraw collateral at the same time.”
To address the impact on users, Garai mentioned that they are using the protocol-owned sDAI in the Peg Stability Module to compensate affected individuals.
Raft operates as a DeFi lending platform and issues the R stablecoin, which is collateralized by liquid staking ether (ETH) derivatives like Lido’s stETH. Users can mint R tokens by locking up ETH derivatives.
Poloniex Wallet Drained of $114 Million
Raft’s hack marked the second major crypto exploit on the same day. Prior to this, an attacker drained approximately $114 million in digital assets from the centralized exchange Poloniex.
In the Poloniex incident, the hacker utilized two wallets to send stolen funds in sequence before swapping them for USD Coin (USDC) using the Metamask swapping feature. Following the disclosure of the hack, the company’s Customer Support announced on X (formerly Twitter) that the wallet has been disabled temporarily.
These recent incidents add to the ongoing challenges of hacks and scams within the crypto industry. According to a report by blockchain security platform Immunefi, there were 76 hacks on crypto and Web3 projects and firms in Q3 2023, a significant increase compared to the 30 hacks reported in the same period in 2022.
In total, around $332 million has been lost to various exploits, hacks, and scams throughout September, marking a record-high month for crypto exploits.
