Security Audits Miss Vulnerabilities As Raft Hacked For $6.7M

Despite taking precautions, the DeFi protocol Raft fell victim to a security exploit last week, which resulted in a total loss of $6.7 million worth of funds.

Security Breach Unveiled

Raft, a decentralized finance platform behind the USD-pegged stablecoin R, reported a security exploit in its system despite undergoing multiple security audits. According to the post-mortem report released on Nov. 13, a hacker borrowed 6,000 Coinbase-wrapped staked Ether (cbETH) on Aave and exploited a smart contract glitch to mint 6.7 million R tokens.

The report identified a precision calculation issue during the minting of share tokens as the primary root cause, enabling the attacker to obtain extra share tokens. This exploitation leveraged an amplified index value to inflate the value of the shares.

R Depegged, Despite Precautions

Following the exploit, the unauthorized funds were moved off the platform through liquidity pools on decentralized exchanges Balancer and Uniswap, resulting in proceeds of $3.6 million. Subsequently, the R stablecoin experienced a depegging after the attack. Raft's dollar-pegged stablecoin, R, initially dropped by 50% from its $1 price post-exploit but later rebounded to around 70 cents, as per Coinmarketcap data.

The exploited smart contracts had undergone audits by blockchain security firms Trail of Bits and Hats Finance. Despite these efforts, the vulnerabilities leading to the incident were not detected during these audits, according to Raft.

Hacker Lost Money? 

On-chain data revealed an intriguing aspect – after draining 1,577 ETH from Raft, the attacker sent 1,570 ETH to a burn address, effectively destroying most of the stolen assets and leaving only 7 ETH. The attacker's crypto wallet received 18 ETH via Tornado Cash before the attack and was left with only 14 ETH after executing the transfers, indicating a 4 ETH loss.

The post-mortem report suggested, 

“The primary root cause was a precision calculation issue when minting share tokens, which enabled the exploiter to obtain extra share tokens. The attacker leveraged the amplified index value to increase the worth of their shares.”

Post-Incident Actions

Since the incident on Nov. 10, Raft has taken immediate steps, filing a police report and collaborating with centralized exchanges to trace the stolen funds. Currently, all of Raft’s smart contracts are suspended. However, users who minted R still have the ability to repay their positions and retrieve their collateral.

In the aftermath of this exploit, Raft faces the dual challenge of recovering from the financial loss and restoring trust within its user base.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.