{"id":2594,"date":"2023-11-17T10:59:44","date_gmt":"2023-11-17T10:59:44","guid":{"rendered":"https:\/\/cryptobulls.biz\/blog\/?p=2594"},"modified":"2023-11-17T10:59:47","modified_gmt":"2023-11-17T10:59:47","slug":"the-unfortunate-tale-of-raft-defi-hack-a-misstep-in-cyber-heist","status":"publish","type":"post","link":"https:\/\/cryptobulls.biz\/blog\/the-unfortunate-tale-of-raft-defi-hack-a-misstep-in-cyber-heist\/","title":{"rendered":"The Unfortunate Tale of Raft DeFi Hack: A Misstep in Cyber Heist"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_56_1 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\"><p class=\"ez-toc-title\"><\/p>\n<\/div><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/cryptobulls.biz\/blog\/the-unfortunate-tale-of-raft-defi-hack-a-misstep-in-cyber-heist\/#The_Hack\" title=\"The Hack\">The Hack<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/cryptobulls.biz\/blog\/the-unfortunate-tale-of-raft-defi-hack-a-misstep-in-cyber-heist\/#The_Twist\" title=\"The Twist\">The Twist<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/cryptobulls.biz\/blog\/the-unfortunate-tale-of-raft-defi-hack-a-misstep-in-cyber-heist\/#The_Hackers_Misstep\" title=\"The Hacker\u2019s Misstep\">The Hacker\u2019s Misstep<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/cryptobulls.biz\/blog\/the-unfortunate-tale-of-raft-defi-hack-a-misstep-in-cyber-heist\/#The_Aftermath\" title=\"The Aftermath\">The Aftermath<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-5\" 
href=\"https:\/\/cryptobulls.biz\/blog\/the-unfortunate-tale-of-raft-defi-hack-a-misstep-in-cyber-heist\/#Conclusion\" title=\"Conclusion\">Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n\n<p class=\"wp-block-paragraph\">In the ever-evolving world of decentralized finance (DeFi), the Raft protocol stands as a significant player. However, it recently fell victim to a complex security incident. This unfortunate event led to the minting of approximately $6.7 million in unbacked R tokens, shaking the foundations of trust and security in the DeFi landscape.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"The_Hack\"><\/span>The Hack<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">An attacker found a vulnerability in the Raft protocol, a DeFi platform. They exploited this weakness to create child contracts from their parent contract. With just 2 cbETH, they issued 3,000 R tokens.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cryptobulls.biz\/blog\/wp-content\/themes\/groovy\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/lh7-us.googleusercontent.com\/CsFIr2M7PPYsQApUhTacP8NuZVTUUrPd8wzqEfcbFzF9MXuQE1c_U4_uqqYAklk-II03I9-VGpS0vC-UlTxr3W-wugGTsJ6z8ie7FM2TZfnsHVpbEC742FhD5XHXabXf-2fcwQbfmh89eeEtRSOVFKo\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">The attacker then liquidated these positions using over 1,000 ETH obtained from flash loans. This action inflated the index used to calculate each user\u2019s collateral amount, leading to a sharp increase in the collateral balance for all users.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The attacker\u2019s small position turned into 3.9k ETH, which they used to mint R tokens. 
They planned to sell these tokens, likely to hide the stolen funds in one of the mixers.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"The_Twist\"><\/span>The Twist<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">In an unexpected turn of events, the hacker, who had successfully minted and liquidated a large amount of uncollateralized R stablecoin, attempted to convert these tokens into ETH. However, due to an uninitialized exploit address in the parent contract, the conversion process went awry.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The code for converting R to ETH and transferring it to the exploiter was called from another contract using delegatecall. Delegatecall, however, runs the called code in the storage context of the calling (parent) contract, not the callee. In this case, the storage slot holding the exploit address in the parent contract had never been initialized.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"The_Hackers_Misstep\"><\/span>The Hacker\u2019s Misstep<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">The hacker\u2019s plan to profit from the heist ended up backfiring. Initially, they pulled 18 ETH from Tornado Cash, a privacy-focused Ethereum mixer. They then successfully hacked a total of 1,577 ETH from the Raft protocol.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, in an unexpected twist, the hacker<a href=\"https:\/\/x.com\/peckshield\/status\/1723136855749873761?s=20\" target=\"_blank\"> ended up burning 1,570 ETH<\/a>, effectively sending it to a null address from which it could never be retrieved. They sent the remaining 7 ETH to themselves.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">After accounting for transaction fees, the hacker was left with 14 ETH. This means that their total profit after fees was -4 ETH. 
In other words, the hacker not only failed to profit from the heist but ended up at a loss.<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cryptobulls.biz\/blog\/wp-content\/themes\/groovy\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/lh7-us.googleusercontent.com\/vMa5CKHnuZNuVcoSnfsNrf3wXU_q-8FXH0f5iHU4_Bvg9HEIj3ckqgErrd4aUuukJaxAXOZKsh3WRtpfInRTm-b0eDaQbXbsCkfeIGoZna1GSn1aQ-SSWwND_2drRGcqGDoNtrF3DIlIcmbQCaIlXfI\" width=\"624\" height=\"240\"><\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"The_Aftermath\"><\/span>The Aftermath<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">Following the security breach, Raft immediately took to Twitter to inform its users of the potential security vulnerability and assured them that they were investigating the matter. To control the situation, they paused the minting of R.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cryptobulls.biz\/blog\/wp-content\/themes\/groovy\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/lh7-us.googleusercontent.com\/EmxG2Y0a6dWAlZCDClIvpn38rOmMnZAT72TCjQxrRfHtH5q-9_LuXDGCkswajZW-QS8eMFRo9sG7Ij0Up6K2aAGF2JKmNewETxdQY836-R-CAWn4VA4TIjc3xHmU4YtKLOqfdxTNwagUho-heBNNI3M\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">In a subsequent update, Raft confirmed the incident, stating that it had led to the minting of approximately $6.7 million in unbacked R. They also revealed that the hacker had sold R, which had an impact on its price. Despite the chaos, existing users were still able to repay their positions and receive their collateral.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Raft is currently working on a comprehensive recovery plan to compensate users affected by the incident and plans to publish this detailed recovery plan in the upcoming week. 
In the meantime, they advised users to wait for further updates on the recovery plan. They also strongly discouraged speculative R purchases as there is unbacked R in circulation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Looking ahead, Raft announced that the current version of the platform would be sunsetted. They are fully committed to launching a completely new and secure version in the future, but their priority is to establish a clear recovery plan for all affected users.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Despite the exploited Raft codebase being audited by both Trail of Bits and Hats Finance, the incident served as a brutal reminder that no audit is 100% safe, regardless of who the auditor is. This underscores the importance of robust security measures and continuous vigilance in the DeFi landscape.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cryptobulls.biz\/blog\/wp-content\/themes\/groovy\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/lh7-us.googleusercontent.com\/b0IaeqptZdEE3rDaqa3Tct0YtBP-rJMGUGM3IUNN--JglgYQUiG6Q6noaJyzt7-SOHdYcnPvy-0SLTRNWjFRO3VIoQ-ksk5-jIP2HbQSvdvEX6zsdP6Nz906cPdJ9pTxLipEOZPxG0nDckqBNfisRHs\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">This series of events provides a clear timeline of Raft\u2019s immediate response, their ongoing efforts to address the issue, and their plans to ensure the security of their platform. It also highlights the importance of robust security measures in the DeFi landscape.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">In conclusion, while the hack was a setback, it has also paved the way for necessary improvements in security measures. 
It\u2019s a reminder that in the rapidly evolving world of DeFi, continuous vigilance, robust security measures, and adaptability are crucial for success. The lessons learned from this incident will undoubtedly shape the future of DeFi platforms. As the saying goes, \u201cEvery adversity carries with it the seed of an equal or greater benefit.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the ever-evolving world of decentralized finance (DeFi), the Raft protocol stands as a significant player. However, it recently fell victim to a complex security&#8230;<\/p>\n","protected":false},"author":1,"featured_media":2596,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":""},"categories":[2],"tags":[],"class_list":["post-2594","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-defi"],"_links":{"self":[{"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/posts\/2594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/comments?post=2594"}],"version-history":[{"count":1,"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/posts\/2594\/revisions"}],"predecessor-version":[{"id":2595,"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/posts\/2594\/revisions\/2595"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/media\/2596"}],"wp:attachment":[{"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/media?parent=2594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"
https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/categories?post=2594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/tags?post=2594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}