$90 million hacked from DeFi today: Rari Capital, Fei Protocol & Saddle Finance exploited

CryptoVille
2 min read · Apr 30, 2022


According to a report by PeckShield, Saddle Finance was exploited in a flurry of transactions, resulting in a loss of more than $10M for the protocol.

The hack was possible because the wrong MetaSwapUtils library was used to calculate the swap: the latest code is deployed at 0x824dcd7b044d60df2e89b1bb888e66d8bcf41491, but the old library at 0x88cc4aa0dd6cf126b00c012dda9f6f4fd9388b17 is the one in use.
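A deployment check for this class of mistake, as an added example that is not from the original post or from Saddle's code base: Solidity embeds the address of an externally linked library as a PUSH20 operand, so walking a contract's runtime bytecode shows which library build it actually calls. The function names and the sample bytecode are constructed for illustration; in practice the bytecode would come from an `eth_getCode` query against the deployed contract.

```python
# Added example. The two addresses are the ones quoted in the post;
# all bytecode used with these functions here is constructed, not real.
EXPECTED_LIB = "0x824dcd7b044d60df2e89b1bb888e66d8bcf41491"  # latest MetaSwapUtils
STALE_LIB = "0x88cc4aa0dd6cf126b00c012dda9f6f4fd9388b17"     # old MetaSwapUtils

PUSH1, PUSH20, PUSH32 = 0x60, 0x73, 0x7F


def linked_addresses(runtime_hex):
    """Return every PUSH20 operand in EVM runtime bytecode, in order."""
    h = runtime_hex[2:] if runtime_hex.startswith("0x") else runtime_hex
    code = bytes.fromhex(h)
    found, pc = [], 0
    while pc < len(code):
        op = code[pc]
        # PUSH1..PUSH32 carry 1..32 operand bytes; other opcodes carry none.
        width = op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0
        operand = code[pc + 1 : pc + 1 + width]
        if op == PUSH20 and len(operand) == 20:
            found.append("0x" + operand.hex())
        pc += 1 + width  # skip operands so push data is never read as opcodes
    return found


def audit_library_link(runtime_hex, expected=EXPECTED_LIB, stale=STALE_LIB):
    """Classify a contract as STALE, OK or UNKNOWN by the library it links."""
    links = set(linked_addresses(runtime_hex))
    if stale.lower() in links:
        return "STALE"      # still wired to the old library: block the release
    if expected.lower() in links:
        return "OK"
    return "UNKNOWN"        # no known library address found: review manually


def sample_call_via(lib):
    """Constructed fragment: PUSH20 <lib>; GAS; DELEGATECALL."""
    return "73" + lib[2:] + "5a" + "f4"


def sample_decoy():
    """Constructed PUSH32 whose data happens to contain 0x73 + the stale address.

    A plain substring search would flag it; the opcode walk does not.
    """
    return "7f" + "00" * 11 + "73" + STALE_LIB[2:]
```

Run as a post-deployment gate, a `STALE` or `UNKNOWN` result should fail the pipeline before the contract is opened to users. Trailing compiler metadata is not opcode-aligned, so addresses reported from the final bytes of real bytecode should be confirmed by hand.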

The initial funds (1 ETH) used to launch the hack were withdrawn from Tornado Cash. Currently, 3,633 ETH of the illicit gains remain in the hacker’s account and 300 ETH have been deposited to Tornado.

This wasn’t all!

Later today, $80M was lost in Rari Capital and Fei Protocol’s Lending Pool Hack.

The attack was first detected by the team at BlockSec:
https://twitter.com/BlockSecTeam/status/1520350965274386433

The root cause of this hack was a typical reentrancy vulnerability.

Fei Protocol has asked the hacker to return the funds in exchange for a $10 million bounty, no questions asked.
