Raft, a decentralized finance (DeFi) platform, faced a substantial setback as it fell victim to a $3.3 million exploit, causing its R stablecoin to lose its dollar peg and drop by up to 50%. The attack resulted in the hacker draining 1,577 ETH from Raft, followed by sending 1,570 ETH to a burn address, effectively destroying most of the stolen assets and leaving a mere 7 ETH for the attacker.
Notably, the on-chain data indicates that the hacker initiated the attack with 18 ETH obtained via the Tornado Cash crypto mixer service, suggesting a strategic move to fund transactions.
Despite the successful exploit, the attacker faced a financial loss, ending up with only 14 ETH in their crypto wallet after executing transfers and covering blockchain fees. Raft’s R stablecoin experienced a significant drop from its supposed $1 value, hitting a 50% decline in the immediate aftermath. However, the stablecoin later rebounded to around 70 cents, according to Coinmarketcap data.
Co-founder David Garai confirmed the attack on Raft, revealing that the exploiter minted R tokens, which were then sold to drain automated market maker liquidity while simultaneously withdrawing collateral from Raft. Garai expressed the platform’s commitment to addressing the impact on users, stating they are working to “make people whole” using the protocol-owned sDAI in the Peg Stability Module.
Raft operates as a DeFi lending platform, issuing the R stablecoin collateralized by liquid staking ether derivatives, such as Lido’s stETH, allowing users to mint R tokens by locking up ETH derivatives. This incident marked the second major crypto exploit on the same day, following an attack that drained about $114 million from centralized exchange Poloniex.
References:
