DeFi Vulnerability Leads to $6.7M Exploit, Auditors Fail to Detect

Raft Protocol Hit by Security Breach Despite Audits

Decentralized U.S. dollar stablecoin protocol Raft recently announced a security exploit that resulted in a loss of $6.7 million. This breach occurred even after the project underwent multiple security audits.

How the Exploit Happened

According to Raft's post-mortem report, a hacker borrowed 6,000 Coinbase-wrapped staked Ether (cbETH) on the decentralized finance protocol Aave. The hacker then transferred the funds to Raft and exploited a smart contract glitch to mint 6.7 million Raft stablecoins, known as "R."

Unauthorized Funds Swapped and Depegging

The hacker subsequently swapped the unauthorized funds on decentralized exchanges Balancer and Uniswap, resulting in $3.6 million in proceeds. Following the attack, the R stablecoin depegged.

Auditors Failed to Detect Vulnerabilities

Raft's smart contracts were audited by blockchain security firms Trail of Bits and Hats Finance. Unfortunately, the vulnerabilities that led to the exploit were not identified during these audits, according to Raft developers.

Investigation and Recovery Efforts

Raft has filed a police report and is currently collaborating with centralized exchanges to trace the flow of the stolen funds. All of Raft's smart contracts are currently suspended. However, users who minted R stablecoins can still repay their positions and retrieve their collateral.

Decentralized Stablecoins and Past Incidents

Decentralized stablecoins are created using users' crypto deposits as collateral. In a similar incident last December, decentralized stablecoin HAY depegged against the U.S. dollar after a hacker exploited a smart contract glitch and minted 16 million HAY without proper collateral. HAY has since re-pegged due to a collateralization ratio of 152% implemented for risk management.

Related: September Witnessed Highest Number of Crypto Exploits in 2023