This weekend, Rari Capital, a cryptocurrency company, was hacked due to a cross-chain exploit. According to experts, the attack mechanism was that the attacker built a bogus coin and pool on SushiSwap, then obtained ibETH via Alpha Homora in the Rari ETH contract and exchanged his cryptocurrencies for Ethereum there.
During the attack, the hacker took 5346 BNB (approximately $3.58 million) and exchanged it for 1,000 ETH. Then he was able to rob an additional 1900 ETH. If the developers hadn’t thought to save the money, the attacker might have withdrawn more than 4600 ETH instead of 2900 ETH. Even so, 2,900 ETH account for more than 60% of the total ETH Rari Capital pool.
After losing approximately $10 million, the Rari team plans to create a compensation scheme for victims harmed by the hacker’s acts. The guide automates refunds to the ETH pool by rebalancing money and client pools.
According to Rari’s CEO, the project participants unanimously agreed to return to the DAO 2 million RGT coins planned as a bonus to the developers. They can also be used to recover funds lost by users during the project’s attack.
While the final return plan is being worked out, the Rari executive also mentioned that RGT coin holders would be able to demand a portion of the DAO stablecoin reserve at today’s meeting. The total number of RGT coins in the DAO is 8.7 million (nearly $122 million).
The team’s total allocation for losses reaches 26 million dollars. And the faster the startup tackles this tough challenge, the better since the value of RGT tokens has already fallen by 44 percent in less than an hour following news of the hack.
The good news is that, despite the increasing number of hacks in the DeFi industry as its popularity grows, there are still startups able to accept responsibility for their mistakes.