Major Losses Incurred by Attacker
Decentralized finance (DeFi) platform Raft recently experienced a security breach, resulting in the loss of approximately $3.3 million worth of Ethereum (ETH). Interestingly, the attacker’s attempt to profit from the heist seems to have backfired, as they themselves incurred a significant loss.
On-chain data analysis indicates that the hacker drained 1,577 ETH from Raft’s accounts. However, they then sent 1,570 ETH to a burn address, effectively destroying the majority of the stolen assets. This move left the attacker with only 7 ETH remaining in their possession. It is worth noting that prior to the attack, the hacker’s address had received 18 ETH through the use of a crypto mixer service called Tornado Cash, likely to fund their transaction activities.
After executing the transfers and covering the associated blockchain fees, the attacker’s crypto wallet was left with a mere 14 ETH. This ultimately resulted in a loss of 4 ETH overall for the hacker.
“On-chain data reveals that the hacker drained 1,577 ETH from Raft and subsequently sent 1,570 ETH to a burn address, effectively destroying the majority of the stolen assets. Only 7 ETH remained in the attacker’s possession.”
Following this incident, Raft’s R dollar-pegged stablecoin experienced a significant drop in value. Initially valued at $1, it plummeted by 50%. However, it later managed to recover to around 70 cents, as per Coinmarketcap data.
David Garai, co-founder of Raft, confirmed the attack in a post on X (formerly Twitter). In his message, Garai explained that the exploiter minted R tokens, which were then sold in order to drain liquidity from automated market makers. Additionally, collateral was also withdrawn from Raft.
“There’s been an exploit situation for Raft where the exploiter minted R (which was then sold to drain AMM liquidity), and also managed to withdraw collateral at the same time.”
In an effort to mitigate the impact on users, Garai mentioned that they are utilizing the protocol-owned sDAI in the Peg Stability Module to compensate affected individuals. Raft primarily functions as a DeFi lending platform and issues the R stablecoin, which is collateralized by liquid staking ether (ETH) derivatives, such as Lido’s stETH. Users can mint R tokens by locking up ETH derivatives.