An exploit enabled attackers to drain $80 million in crypto from decentralized finance (DeFi) platform Rari Capital’s liquidity pools, according to a tweet today by blockchain and smart contract audit firm BlockSec.

The BlockSec team called the security flaw a “typical reentrance vulnerability,” and tweeted again with a picture displaying the offending code.

Algorithmic stablecoin Fei—the self-touted “Stablecoin for DeFei”—also had contributed liquidity to Rari Capital’s exploited pools. Fei has a market cap of well over half a billion dollars, making it the 11th largest stablecoin, according to data from CoinGecko. 

In December, Fei merged with Rari Capital. Rari enables the creation of so-called Fuse Pools—permissionless lending pools—that anyone with a wallet can access from anywhere to lend or borrow ERC-20 tokens. No minimum funds are required of users.

Fei and Rari’s joint effort got off the ground with $2 billion in liquidity.

Fei Protocol acknowledged the exploit on Twitter shortly before BlockSec’s report, saying, “We have identified the root cause and paused all borrowing.” Fei also promised a $10 million bounty to the attackers if they return the stolen funds.

Fei is trading a little below its peg, at $0.9895, as of this writing.

$11 million in 2021

This isn’t Rari Capital's first major exploit. In May of last year, a hacker stole 2,600 ETH (worth around $11 million at the time) from Rari Capital users. 

At the time, CEO Jai Bhavnani said Rari team members would be sacrificing their RGT allocations and putting them toward the reimbursement. When the companies merged, Fei Protocol assumed some of Rari’s liabilities stemming from that exploit.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。