Hacked Crypto Platform Offers ‘No Questions Asked’ $10M Bounty for Stolen Funds

The exploit is one of a growing number of hacking incidents on DeFi projects in recent months

article-image

Blockworks exclusive art by axel Rangel

share

key takeaways

  • Smart contract hackers targeted merged DeFi projects Rari Capital and Fei Protocol to steal almost $80 million over the weekend
  • Rather than seek VC funding to plug the losses, the Tribe DAO, which manages their governance, may vote to make users whole

Crypto platform Fei Protocol hopes a $10 million bounty “with no questions asked” will spur hackers to return nearly $80 million of digital assets stolen over the weekend.

Fei, the stablecoin issuer which merged with crypto lending startup Rari Capital just five months ago, made the plea on Twitter hours after the exploit — in which hackers infiltrated the platform’s lending pools — was detected Saturday.

“We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage,” Fei Protocol tweeted. “To the exploiter, please accept a [$10 million] bounty and no questions asked if you return the remaining user funds.” 

Rari’s hacker leveraged a critical “reentrancy” bug buried deep within the protocol’s code. These bugs involve smart contracts calling each other to move funds without appropriate checks. 

For its codebase, Fei forked (read: copied) Ethereum money market platform Compound in early 2021. Compound enables crypto lending by valuing digital assets. It automatically determines borrowing limits and gauges market conditions to calculate interest rates.

Fei made certain changes to the code, however, and despite audits the flaw wasn’t discovered until it was too late.

Compound forks have suffered similar fates in the past. Rari even paid $2 million to security researchers who had discovered a nearly identical flaw in March.

Decentralized exchange Uniswap, DeFi platform Cream Finance, and The Dao, among other projects, have fallen victim to reentrancy attacks dating back to 2016. 

Rari also lost $11 million to smart contract hackers in an unrelated attack last May, then about 60% of the protocol’s capital.

In this case, Rari Fuse lending pools (which facilitate the lending of related ERC-20 tokens) effectively failed to keep track of how much cryptocurrency had been borrowed.

The setup illegitimately allowed for the borrowing of large amounts of cryptocurrency, withdrawal of the loan’s collateral and retention of borrowed funds, according to smart contract auditor CertiK.

The hackers flash-loaned $150 million worth of stablecoin USDC and 50,000 WETH ($141.5 million) to power more crypto loans from seven Rari Fuse pools.

After triggering a buggy “exitMarket” smart contract function, they withdrew the collateral, repaid the flash loan and kept the “borrowed” funds from Rari Fuse. The hackers repeated this process until they’d amassed roughly $80 million of crypto.

Rari Capital later disclosed another 100 ETH had been hacked Sunday from a Fuse pool on layer-2 Ethereum platform Arbitrum.

BlockSec Chief Technology Officer Lei Wu confirmed to Blockworks that 5,400 ETH of the pilfered stash had been sent to crypto mixer Tornado Cash.

The stolen funds essentially belong to Rari Fuse users who had loaned their crypto. With this in mind, Fei Protocol is not exactly the victim — despite the exploit targeting its source code. 

Rari developer Jack Longarzo told Blockworks that Rari’s Fuse platform and the Tribe DAO that manages Fei and Rari’s governance are the real victims. In fact, Tribe DAO may deliberate whether to release funds from its treasuries to make Rari Fuse users whole. Its treasury is currently worth $104 million, according to OpenOrgs.

While there’s no formal bailout proposal as yet (and Longarzo wouldn’t comment on whether one was in the works), such a move would starkly contrast the VC-funded bailouts of other embattled DeFi platforms such as Wormhole and Ronin, which have generally involved more centralized and private decision-making than a community vote.

But there is some indication that Tribe DAO participants may be losing faith. The DAO’s native token, TRIBE, is down 20% since the attack was first disclosed.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research

article-image

Hunter Horsley says Solana is one of this cycle’s breakout successes that he thinks clients will want to access

article-image

SOL has climbed more than 2,000% in the past two years

article-image

MicroStrategy founder Michael Saylor alluded to Marathon’s CEO during a X Spaces on Tuesday

article-image

Crypto’s calls are equally as juiced as puts, creating a “smile” in the volatility surface

article-image

Turns out that owning the end-user via a crypto wallet is quite a prosperous business

article-image

The announcement followed growing speculation that Gensler would announce his exit before Trump takes office next year