Fei Protocol, which late last year merged with Rari, announced a $10 million bounty, should the funds be returned.
Decentralized finance (DeFi) platforms Rari Capital and Fei Protocol suffered a more-than-$80 million hack early Saturday.
The hacker exploited a reentrancy vulnerability in Rari’s Fuse lending protocol, according to a tweet by smart contract analysis firm Block Sec.
Our monitoring system detected that multiple pools related to @RariCapital @feiprotocol were attacked, and lost more than 80M US dollars. The root cause is due to a typical reentrancy vulnerability. @defiprime— BlockSec (@BlockSecTeam) April 30, 2022
According to a tweet from Blockchain security firm PeckShield, the same vulnerability has been used to attack other forks of the Compund DeFi protocol.
Rari Capital acknowledged the hack, saying borrowing has been paused globally and that no further funds were at risk.
Fei Protocol, which merged last December with Rari, offered to let the attacker keep $10 million of the stolen funds as a “bounty” if the remaining funds were returned.
We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage.— Fei Protocol (@feiprotocol) April 30, 2022
To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds.
Rari Capital suffered from a different attack in May of last year, which saw a hacker run away with $10.6 million in user funds.