Rari Capital is the latest decentralized finance (DeFi) protocol to fall victim to a high-priced exploit, after a $11 million attack earlier today.
The attack was confirmed in a tweet and it said that a full post-mortem is in prospect. It is imperative to add that, Rari is a platform which builds optimized yield vaults and boutique lending pools.
An attacker ‘tricks’ a contract into thinking a hostile contract should have access or permissions and of which the exploit appears to be an “evil contract” exploit, according to whitehat hacker Emiliano Bonassi.
Rari’s interest-bearing ibETH vault, is related to the attack, though, no Alpha funds were at risk, according to Alpha Finance.
Worth over $15,000,000, the hacker’s wallet currently holds 4,005 ETH, though some portions of the funds are from different exploit.
Like many before him, the attacker appears to have considered sending a message to the Rari team, but cancelled the transaction. Because he paid a low gas fee, however, observers were able to notice the message as a pending transaction before it was cancelled:
While taking the aborted victory lap, the attacker’s message also seemed to imply that the Alpha Homura team prevented an additional $6 million drain.
Already users are taking to Twitter to speculate about what form the team’s compensation plan might take. Compensating users affected by hacks and exploits is becoming an increasingly common practice, most recently with EasyFi revealing their compensation plan after a crippling $60 million exploit.
The Rari Capital team has often been a target of both community support and derision. The team is notably young, with one developer reportedly being 15 years old. One of their key investors, Twitter user Tetranode, joked on a recent Up