In a recent incident, Raft, a decentralized finance (DeFi) platform, found itself targeted in a hack that resulted in the loss of approximately $3.3 million in ether (ETH) on a Friday afternoon. However, the attacker’s attempt at a heist may have gone awry, resulting in an unexpected net loss. According to on-chain data, the attacker executed a drain of 1,577 ETH from Raft.
Raft Defi platform loses 1,577 Ethereum to hackers
The attackers sent 1,570 ETH to a burn address, effectively obliterating most of the stolen assets and retaining only 7 ETH for themselves. Notably, before the attack, the hacker’s address had received 18 ETH through the Tornado Cash crypto mixer service, presumably for funding transactions. After completing the transfers and covering blockchain fees, the exploiter’s crypto wallet was left with only 14 ETH, signaling a 4 ETH loss on the entire operation. Meanwhile, Raft’s R dollar-pegged stablecoin experienced a sharp decline.
The stablecoin dropped by as much as 50% from its purported $1 value in the immediate aftermath. Nevertheless, it later rebounded to around 70 cents, according to Coinmarketcap data. David Garai, co-founder of Raft, confirmed the attack in a post on X (formerly Twitter). He elaborated on the exploiter’s modus operandi, explaining that R tokens were minted and subsequently sold to deplete automated market maker liquidity. Simultaneously, the attacker withdrew collateral from Raft, orchestrating a sophisticated maneuver.
The platform’s response and the Defi landscape
Addressing the aftermath of the attack, Garai stated that the team is actively working on reimbursing affected users. They plan to use the protocol-owned sDAI in the Peg Stability Module for this purpose. Raft operates as a DeFi lending platform, issuing the R stablecoin collateralized by liquid staking ether (ETH) derivatives like Lido’s stETH. Users have the option to mint R tokens by locking up ETH derivatives. This incident marked the second major crypto exploit on that particular Friday. Earlier in the day, a separate attacker drained approximately $114 million in digital assets from the centralized exchange Poloniex.
The occurrence underscores the persistent challenges faced by DeFi platforms in securing their protocols against malicious actors. Despite the setback, Raft’s proactive measures to utilize protocol-owned assets for reimbursement demonstrate a commitment to mitigating the impact on affected users. In the broader context of decentralized finance, security concerns remain a central issue. The incident at Raft highlights the potential vulnerabilities in smart contracts and emphasizes the need for continuous vigilance in the rapidly evolving DeFi landscape.
As the sector continues to expand, it becomes imperative for platforms to prioritize robust security measures to safeguard user funds and maintain trust within the decentralized ecosystem. While Raft’s stablecoin initially suffered a significant drop in value, the subsequent recovery indicates a degree of resilience in the DeFi market. Users and investors, however, should remain vigilant and informed about the security measures in place on the platforms they engage with, as the threat landscape in the crypto space continues to evolve.