An exploit called “typical reentrance vulnerability” enabled attackers to drain $80 million in crypto from decentralized finance (DeFi) platform Rari Capital’s liquidity pools.
Algorithmic stablecoin Fei the self-touted “Stablecoin for DeFei”also had contributed liquidity to Rari Capital’s exploited pools. Fei has a market cap of well over half a billion dollars, making it the 11th largest stablecoin.
Last year, Fei merged with Rari Capital. Rari enables the creation of so-called Fuse Pools permissionless lending pools that anyone with a wallet can access from anywhere to lend or borrow ERC-20 tokens. No minimum funds are required of users
Fei and Rari’s joint effort got off the ground with $2 billion in liquidity. Fei Protocol acknowledged the exploit on Twitter shortly before BlockSec’s report, saying, “We have identified the root cause and paused all borrowing.” Fei also promised a $10 million bounty to the attackers if they return the stolen funds.
This isn’t Rari Capital’s first major exploit. In May 2021, a hacker stole 2,600 ETH (worth around $11 million at the time) from Rari Capital users. When the companies merged, Fei Protocol assumed some of Rari’s liabilities stemming from that exploit