How Hackers Looted 2600 ETH In Rari Capital Cross-Chain Exploit

Monday 10 May 2021, 4:30 AM AEST - 1 month ago

Ethereum (ETH) based yield aggregator Rari Capital was attacked this weekend by a group of bad actors. As a result, 2,600 in this cryptocurrency were stolen from the Rari Capital Ethereum Pool, as a post-mortem report released by core contributors confirmed.

The attack took place at around 1:48 PM UTC, May 8th, with a series of transactions that lasted for almost an hour. Rari Capitals product deposits ETH into Alpha Homoras ibETH interest-bearing token as part of their strategy.

The protocols pool contract operates with the ibETH.totalETH()/ibETH.totalSupply(), used to calculate the exchange rate for the ibETH/ETH pair. A separate report from Alpha Finance Labs claims that this operation can lead to incorrect assumption. Rari Capital report stated the following:

According to Alpha Finance, `ibETH.totalETH()` is manipulatable inside the `ibETH.work` function, and a user of `ibETH.work` can call any contract it wants to inside `ibETH.work`, including the Rari Capital Ethereum Pool deposit and withdrawal functions.

On Ethereum, the attack began when the bad actors took a flash loan from protocol dYdX for around 59,000 in this cryptocurrency. The funds were into Raris Ethereum based pool with the correct conversion rate for the aforementioned trading pair.

Then, the attackers used the function work which enabled them to trigger their offensive by encoding an evil fToken contract. This allowed the hackers to artificially inflate their ibETH/ETH rate.

At 2:29 PM +UTC, the possible root of the exploits was discovered. At 2:34 PM +UTC, actions on Alpha Homora were paused. The losses represented around 60% of all users fund in this Ethereum-based Pool. However, only Raris funds were lost, as Alpha Finances report claims. Rari Capital said:

At the end of `ibETH.work`, the value of `ibETH.totalETH()` returns to its true value, leading the Rari Capital Ethereum Pools balances to values lower than they were before the attack as a result of the attacker withdrawing more than they deposited while their balance was ...

Read full story on NewsBTC

Disclaimer: The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.