Raft Finance floats user bailout plan after odd exploit

An attacker stole 1,575 ETH from Raft, then burned 1,570 of it


Profit_Image/Shutterstock modified by Blockworks


Raft Finance experienced a severe security breach on Friday when a hacker managed to exploit a vulnerability in the protocol, resulting in the loss of approximately $3.3 million in ether.

The protocol originated as a fork of Liquity that replaced ether with staked ether as the collateral source backing its stablecoin, R. The exploit caused R to deviate from its intended $1 peg.

That prompted the team behind Raft to confirm the vulnerability and pause further minting to prevent additional losses​​​​.

According to a post-mortem blog post published Monday, the attacker was able to mint 6.7 million R, which was then swapped for 1,575 ether (ETH) causing R to de-peg.

Read more: Liquity aims to build on safety record with V2 using staked ether

In a surprising turn of events, the attacker then sent 1,570 ETH to a burn address, effectively removing it from circulation. This action left the hacker with only 7 ETH from the stolen funds.

Prior to the attack, the hacker’s address had received 18 ETH through a crypto mixer service, suggesting a level of premeditation and planning for the attack​​​​​​.

The circumstances of this attack are unusual, in that the large majority of the stolen funds were burned, leading to speculation about the attacker’s motives. The loss may have been accidental.

Loading Tweet..
Loading Tweet..

It’s not yet clear what comes next for the protocol and its users. Developers have promised an “in-depth recovery plan this week, outlining the steps to address the situation and provide redress for affected users,” the team said in its post-mortem statement.

“The Raft community will have the opportunity to provide feedback on the proposed recovery plan before it is concluded and the recovery plan is executed,” it said.

Raft issued a governance token (RAFT) in an airdrop on Oct. 11, intended to be staked to provide holders with voting rights over the protocol. The price of RAFT has plummeted about 60% since the exploit, per Coingecko.

Total value locked (TVL) in the protocol peaked in July at $64 million, and has been on a steady decline since, according to DefiLlama — just $1.48 million remains as of today.

Meanwhile, the formerly dollar-pegged stablecoin R is volatile with very limited liquidity on a handful of decentralized exchange markets. Although the developers have suspended the creation of new R tokens, users can still repay their R-related debts to retrieve collateral that is locked in the protocol.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.


Upcoming Events

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Screen Shot 2024-05-16 at 14.53.45.png


Loss-versus-rebalancing (LVR) is arguably Ethereum DeFi’s biggest problem, and thus reducing LVR is fundamental to the success of Ethereum. This report dives into the world of LVR. We uncover its importance for AMM designers, discuss the two major mechanism design categories and various projects developing solutions, and offer a higher level perspective on the importance of AMMs in general.


Yesterday saw Congress’ upper chamber side with the House on a measure aimed at overturning SAB 121


Oklahoma’s new crypto bill will go into effect in November of this year


The deposits hit a $20 million cap in just 45 minutes


Twelve Democratic Senators voted in favor to pass the resolution Thursday


Pump.fun is “aware” that bonding curve contracts on Pump.fun were exploited, and has since paused trading


Some investment pros are mulling crypto allocations between 1% and 10% and seeking ex-BTC exposure for interested clients