The decentralized finance (DeFi) lending platform Raft has encountered a security breach, leading to the temporary suspension of its R stablecoin minting. The breach resulted in over 1500 ETH being drained from the protocol.
Raft Security Breach Details
Raft co-founder David Garai confirmed the breach, revealing that the intruder exploited vulnerabilities to generate R tokens, deplete automated market maker liquidity, and withdraw collateral from Raft.
Furthermore, CoinGecko data indicates that this breach caused the price of the R stablecoin to plummet from $1 to $0.04.
Response and Investigation
Garai stated that Raft is prioritizing the security of user operations and working to restore stability while conducting a thorough investigation into the incident. While minting remains temporarily suspended, current R holders retain the ability to repay loans and retrieve collateral.
An on-chain data analyst traced the hack to a coding flaw, redirecting the 1570 ETH drained by the hacker to an irretrievable null address instead of the hacker’s wallet.
Furthermore, the hacker reportedly funded the attack with 18 ETH obtained through the crypto mixer Tornado Cash, minting 6.7 million unbacked R tokens valued at $6.7 million. However, the critical code flaw resulted in the locked ETH in the null address.
Ongoing Investigation and User Assurance
Raft is actively investigating the incident and has committed to keeping users informed about efforts, all to restore stability and compensate for any losses from the protocol’s treasury reserves.
However, despite the minting suspension, existing R holders can still utilize Raft’s lending and borrowing functions, providing a measure of continuity while the platform addresses the aftermath of the security breach.