Not one or two but three DeFi platforms- Rari Capital, Fei Protocol, and Saddle Finance, came under a massive onslaught that resulted in draining roughly $90 million worth of crypto assets. Data provided by Whitehat hackers BlockSec. showed that multiple pools related to these platforms have been targeted.
Out of the three, Rari Capital, Fei Protocol suffered a combined loss of more than $80 million due to a typical reentrancy vulnerability, BlockSec shared via tweet.
According to experts, a re-entrance attack occurs when an execution of a smart contract gets interrupted in the middle and then initiated from the start once again, hence the term re-entered.
A good example of such attack was the DAO hack in June 2016, where over $60 million in Ethereum was stolen.
That said, Fei Protocol also confirmed the attack by saying that they are aware of the exploit on multiple Rari Fuse pools. For the time being, they have suspended all borrowing operations to prevent further exploitation of funds.
The author of the tweet has offered the hacker to keep $10 million from the stolen crypto as a bounty and return the rest of the funds that belong to their users.
If that wasn’t enough, the crypto community was woken up by another DeFi attack.
DeFi trio hacks- the latest update
Blockchain security firm Peckshield brought to light saying that automated market maker Saddle Finance was exploited in a flash loan attack, resulting in the protocol loss of about $10 million.
The hack was made possible due to the wrong MetaSwapUtils lib which was used for calculating the swap, it tweeted.
It also highlighted that the stolen funds from the 2017 @ParityTech Wallet Multisig hack were on the move as well.
Saddle responded by stating that the team is investigating the exploit and is pausing pool metapools withdrawals before adding that $3.8 million has been recovered.
Single-asset withdrawals are currently restricted, but balanced pool withdrawals are always possible. White hat hackers BlockSec Team were able to secure $3.8m. The team is in contact with them to return the funds.
The $90 million exploits on the trio platforms come exactly one month after the record-breaking $615 million Axie Infinity Hack carried out by the North Korean state-sponsored Lazarus group.