Decentralized finance (DeFi) platform Raft has suffered a hack resulting in the loss of approximately $3.3 million in Ethereum ( ETH).
However, the attacker’s attempt to profit from the heist may have backfired, as they incurred a loss themselves.
On-chain data reveals that the hacker drained 1,577 ETH from Raft and subsequently sent 1,570 ETH to a burn address, effectively destroying the majority of the stolen assets.
Only 7 ETH remained in the attacker’s possession.
Prior to the attack, the hacker’s address had received 18 ETH through the use of a crypto mixer service called Tornado Cash, likely to fund the transactions.
After executing the transfers and paying the associated blockchain fees, the attacker’s crypto wallet was left with a mere 14 ETH, resulting in a loss of 4 ETH overall.
Following the incident, Raft’s R dollar-pegged stablecoin experienced a significant drop.
Initially valued at $1, it plummeted by 50% but later recovered to around 70 cents, according to Coinmarketcap data.
David Garai, co-founder of Raft, confirmed the attack in a post on the social media platform X (formerly Twitter).
Garai explained that the exploiter minted R tokens, which were subsequently sold to drain liquidity from automated market makers. Simultaneously, collateral was withdrawn from Raft.
“There’s been an exploit situation for Raft where the exploiter minted R (which was then sold to drain AMM liquidity), and also managed to withdraw collateral at the same time.”
In an effort to mitigate the impact on users, Garai stated that they are using the protocol-owned sDAI in the Peg Stability Module to compensate affected individuals.
Raft functions as a DeFi lending platform and issues the R stablecoin, which is collateralized by liquid staking ether (ETH) derivatives such as Lido’s stETH. Users have the ability to mint R tokens by locking up ETH derivatives.
Poloniex Wallet Drained of $114 Million
Raft’s hack marked the second major crypto exploit on the same day. Earlier, an attacker drained approximately $114 million in digital assets from the centralized exchange Poloniex.
The hacker deployed two wallets sending stolen funds in sequence before swapping them for USD Coin ( USDC) using the Metamask swapping feature.
Following the disclosure of the hack, the company’s Customer Support announced on X that the wallet has been disabled in the meantime.
The recent incidents come as hacks and scams continue to plague the crypto industry.
According to a report by blockchain security platform Immunefi, there were 76 hacks on crypto and Web3 projects and firms in Q3 2023, a significant increase compared to the 30 hacks reported in the same period in 2022.
In total, approximately $332 million has been lost to various exploits, hacks, and scams throughout September, marking a record-high month for crypto exploits.