Fei Protocol, a popular decentralized finance (DeFi) platform, has announced that it is offering a bounty of $10 million to any hackers who can successfully retrieve the funds stolen from various Rari Fuse pools. These funds are estimated to be worth nearly $80 million.
According to smart contract auditor BlockSec, the aforementioned heist was put in motion on the back of a typical reentrancy vulnerability.
one picture worth a thousand words 🙂 pic.twitter.com/dVxTMMpWZM
— BlockSec (@BlockSecTeam) April 30, 2022
With the $80M hack coming on the heels of the Ronin episode a few weeks ago, needless to say, many in the community were baying for updates. Rari Capital’s Jack Longarzo was quick to share some, with the developer revealing,
“Borrowing remains paused. Eth redemptions on attacked pools (8, 18, 27, 127, 144, 146, 156) have been temporarily paused as the attacker has a significant amount of fEth that could be redeemed for any deposits. We are working on a fix to the internal accounting to resolve this.”
Longarzo also claimed that “the team is reviewing a fix to the vulnerability and the erroneous internal accounting of these pools as a result of the exploit.”
This isn’t the first time Rari Capital has fallen victim to an exploit like this, however. Back in 2021, following an integration with Alpha Finance Labs, the project fell victim to an $11 million hack.
As expected, reactions from many in the community were mixed and varied. While some offered their support to the team behind the project, others were more circumspect, with one user claiming,
“Days like today reveal the dangers of on chain lending markets and the key importance of reserves for stablecoin issuers and other lenders. The @feiprotocol, @RariCapitalTRIBE is deeply overcollateralized, allowing it to endure losses in lending venues.”
While Fei Protocol has not revealed many details about its bounty offer, it is clear that the company is actively seeking to negotiate with the hackers and recover as much of its stolen funds as possible. Whether or not this bounty will be successful remains to be seen.