Rari Capital hit by Value DeFi attackers in cross-chain chain attack

Interoperability between DeFi protocols is increasing, and blurred boundaries make it easier for attackers to “escape routes”

Rari Capital hit by Value DeFi attackers in cross-chain chain attack

Young blood and new money.

After a short lunch break, Rari Capitals also came under attack.

The up-and-coming revenue aggregator became the victim of a serial attacker. A few hours ago, the same wallet that attacked Value DeFi turned its attention to Rari Capital’s ETH pool, removing $10 million worth of ETH.

Rari Capital has attracted attention for the youth of its developers, but has also suffered from community controversy as a result. However, does age matter much when the entire DeFi industry is only 2-3 years old?

While some may say they were “asking for it”, we don’t like to see people lose their funding.

No developer has 10 years of experience when it comes to DeFi system design, and it’s a meritocracy that depends on skill and maturity, not the length of their resume.

Each attack teaches us valuable lessons and we must look at these techniques to build a more secure future.

This attack was the act of a cross-chain killer who used Value DeFi’s funds to launch an attack against Rari Capital.

In this attack, a total of 5,346 BNB (worth $3.8 million) were stolen and exchanged for 1,000 ETH.

The attackers manipulated the BSC as follows.

Create a fake token and enter the pool with BNB on PancakeSwap in order to use Alpaca Finance.

Interacting with Alpaca Finance, a payload is invoked when approve() is called on the fake token, allowing the attacker to use VSafe to get vSafeWBNB through the Codex farm

Converting vSafeWBNB to WBNB

Convert WBNB to Ethereum via Anyswap.

Then repeat for the 2nd time.

The attack on Rari is as follows.

Create a fake token and use it to enter the pool on SushiSwap

Interact with Alpha Homora while calling a payload so that the attacker can get ibETH in the Rari ETH pool contract.

Convert the ibETH to ETH in the Rari ETH pool.

Ultimately, 2,900 ETH (worth $11.1 million) were stolen and another 1,700 ETH were at risk before the Rari team acted.

A total of $15 million worth of ETH was involved in both attacks.

Rari Capital hit by Value DeFi attackers in cross-chain chain attack

The price of Rari Capital’s governance token, RGT, fell sharply immediately after the attack.

Rari Capital hit by Value DeFi attackers in cross-chain chain attack

In addition, the attackers decided to make fun of the protocol involved and canceled the transaction. However, because they set the Gas price for the cancelled transaction so low that the cancellation did not go through for 20 minutes, it gave everyone time to discover the ins and outs of this hack.

This attack technique is similar to Evil Pickle Jar (the PickleJar controller vulnerability that occurred with Pickle Finance) and is likely to become more common in the future.

Although the attackers launched the attack against a different protocol, the mechanism used is the same.

Alpaca/Alpha, vSafe/Rari, PancakeSwap/SushiSwap-they all interact with each other in such a way that the vulnerability can easily be repeated on another chain as well.

Interoperability between DeFi protocols is increasing, and blurred boundaries will make “escape routes” easier.

In the Roaring 20s, the ruthless were rewarded, but any prosecution seems unlikely. With so many other apparent crimes in cryptocurrencies, who would try to prosecute someone for taking advantage of so many anonymous contracts?

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/rari-capital-hit-by-value-defi-attackers-in-cross-chain-chain-attack/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2021-05-10 05:49
Next 2021-05-10 05:53

Related articles