Rari Capital is the latest decentralized finance (DeFi) protocol to fall prey to a costly hack, after an $11 million attack earlier today.
The attack used an “evil contract” exploit, in which an attacker “tricks” a contract into believing that a hostile contract should have access or permissions, according to whitehat hacker Emiliano Bonassi. The hack was linked to Rari’s interest-bearing ibETH vault, according to Alpha Finance, but no Alpha funds were at risk.
There has been an exploit in the Rari Capital ETH Pool related to our @AlphaFinanceLab integration.
The rebalancer has removed all funds from Alpha in response.
We are currently investigating the situation and a full report will be shared once everything is assessed.
— Rari Capital (@RariCapital) May 8, 2021
The hacker reportedly holds 4,005 ETH valued at over $15 million, although some of those funds seem to have come from a different exploit.
The hacker, like several others before him, seems to have contemplated sending a message to the Rari team but decided against it. Observers were able to see the message as a pending transaction, submitted with a low gas fee, until it was canceled.
In that aborted victory lap, the attacker’s message appeared to say that the Alpha Homora team had avoided an extra $6 million drain.
The hacker has left a base64-encoded message saying
— banteg (@bantg) May 8, 2021
Users on Twitter are also speculating about what the team’s compensation package will look like. Compensating users who have been harmed by hacks and vulnerabilities is becoming more common, as EasyFi recently revealed its payout scheme after a catastrophic $60 million attack.
The Rari Capital team has received both praise and scorn from the community. The team is very young: one of the developers is said to be 15 years old. One of their main investors, Twitter user Tetranode, joked on a recent Up Only podcast that, despite being only in his forties, the team regularly mocks him as a “boomer”.
What is Rari Capital?
Rari Capital’s key service is developing technology that helps traders earn interest on their idle capital without the need for user intervention. The company’s robo-advisor is driven by its algorithms, which track DeFi protocols automatically and reallocate funds based on potential.
Rari Capital was based on the concept of yield generation by consumption rather than speculation. Rari Capital is run by the $RGT token, which is in charge of governance for the whole Rari Protocol, a DeFi robo-advisor centered on yield maximization.
Rari Capital will then open a decentralized application (dApp) where traders will deposit their crypto assets. According to the company’s announcement today, these assets would be automatically rebalanced via its smart contract for maximum yield.