The story behind the $6 million interception hack: A peek into the impromptu Rari war room

In what could be considered the VUCA (volatile, unpredictable, complex, ambiguous) world of DeFi, a “war room” formed in response to DeFi security emergencies may be the mainstay of the ecosystem’s health.

On May 8, the attackers of the DeFi protocol Rari Capital left a message on the block after the interception of 6 million virtual assets that they were close to getting their hands on.

The story behind the  million interception hack: A peek into the impromptu Rari war room

What did Alpha Finance do to help Rari Capital intercept a $6 million loss in time?

In the current DeFi world, which can be considered as VUCA (Volatile, Unpredictable, Complex, Ambiguous), the “war room” formed for DeFi security emergencies may become the main force to maintain the health of the ecosystem.

Here’s a glimpse into how the Rari war room, formed on an ad hoc basis by blockchain security firm PeckShield, DeFi protocol development team C.R.E.A.M, Yearn and others, successfully intercepted the $6 million being transferred by the hackers.

The situation is urgent, and in just a few hours, the attackers have opened a new round of attacks on another DeFi protocol.


The attackers begin to execute a second attack.


PeckShield Alert: Anomalies in addresses marked as high risk, suspected vulnerability in the Alpha Finance contract of the DeFi protocol.

PeckShield activates emergency response mechanism, notifies Alpha Finance development team, while tagging this transaction address and monitoring asset flow in real time.

The story behind the  million interception hack: A peek into the impromptu Rari war room


PeckShield security personnel analyzed the attacker’s money transfer transactions and quickly and accurately located that the attack was actually targeting Rari Capital’s ETH pool.

The story behind the  million interception hack: A peek into the impromptu Rari war room

and synchronized the root cause of the vulnerability to the Alpha Finance development team, proposing an effective security solution that intercepted the attacker’s transfer in time to avoid the loss of another $6 million in funds from Rari Capital.


Alpha Finance promptly suspended its services on the advice of PeckShield, and the status of the stolen virtual asset transaction transfer was changed to Pending.


Alpha Homora’s assets were not compromised and Rari Capital avoided further financial loss due to effective security measures suggested by PeckShield.


PeckShield and the Alpha Finance development team urgently contact the Rari Capital team while locating the root cause of the problem.


Rari Capital team withdraws all assets from ibETH to avoid further damage to funds.


PeckShield establishes a “War Room” with multiple teams to follow up on the security incident.

May 9 1:15AM

The improvised war room continues to work until it is repeatedly confirmed that there are no more potential issues with Rari Capital, with whom it interacts, after restarting the Alpha Homora protocol.

At this point, the war room members breathed a soft sigh of relief, but they still did not dare to relax, as attackers could come back at any time and keep launching attacks against different protocols using the same attack mechanisms, using various techniques and methods to discover vulnerabilities once they have identified high-reward exploitable assets. Some techniques and methods allow attackers to get their hands on them quickly, while others take a long time.

Information on the blockchain is more valuable to attackers than traditional cybercrime, as a successful attack on the DeFi protocol can bring immediate financial rewards.

As the entire DeFi ecosystem grows rapidly, security incidents continue to be a threat to the health of the ecosystem.

As evidenced by this security incident, risk prevention and alerting is a very important part of the overall DeFi security system engineering.

If DeFi protocols want to carry hundreds of billions or even trillions of dollars in value, they must be battle-tested, and rapid growth has to make them suffer from the pains that come with development. Each security incident requires further security investigation and reflection for each DeFi protocol.

The growing DeFi ecosystem has led to increased interaction between protocols, whether it is Alpaca/Alpha, vSafe/Rari or PancakeSwap/SushiSwap, there is interaction between these protocols and therefore vulnerabilities that have occurred are likely to be repeated on another chain.

As the “monetary Lego” in the DeFi space becomes more complex and diverse, the interactivity between DeFi protocols increases, and the blurred boundaries make it easier for “money to escape”.

DeFi security issues are becoming more exposed and more frequent, and to some extent, the entire DeFi industry is slowly raising its security awareness, but securing assets is still the biggest challenge facing the entire DeFi space. For the developers of DeFi protocols, it is even more time critical and tasking, if they want to maximize the interactivity of the protocols, they need to ensure the combinability of the protocols to interoperate and interoperate, rather than rigidly stitching them together and putting the assets at risk.

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2021-05-11 15:17
Next 2021-05-11 15:29

Related articles