A mining attack allowed attackers to withdraw $80M from the decentralized finance (DeFi) platform Rari Capital’s liquidity pools, according to a tweet today by the smart contract auditing firm and BlockSec blockchain.
The BlockSec team called the vulnerability ltypical reentrance vulnerability and tweeted again with a photo showing the offending code.
Algorithmic stablecoin Fei has also contributed liquidity to Rari Capital’s mining pools.
Fei has a market capitalization of over $500M, making it the 11th largest stablecoin, according to data from CoinGecko.
In December, Fei merged with Rari Capital. Rari allows the creation of so-called Fuse Pools.
Unauthorized lending pools that anyone with a wallet can access from anywhere to lend or borrow ERC-20 tokens. There is no minimum amount requested by the user.
Fei and Rari’s joint effort has successfully started with $2B of liquidity.
Fei Protocol acknowledged the mining on Twitter shortly before the BlockSec report, saying it had identified the root cause and halted all borrowing.
Fei also promised to reward the attackers with $10B if they return the stolen funds.
This is not Rari Capital’s first major mining run. In May of last year, a hacker stole 2,600 ETH (worth around $11M at the time) from Rari Capital user.
At the time, CEO Jai Bhavnani said Rari team members would sacrifice their RGT allocations and funnel them into reimbursement. When the companies merge, Fei Protocol assumes some of Rari’s liability stemming from that mining.