Raft Finance floats user bailout plan after odd exploit

An attacker stole 1,575 ETH from Raft, then burned 1,570 of it

article-image

Profit_Image/Shutterstock modified by Blockworks

share

Raft Finance experienced a severe security breach on Friday when a hacker managed to exploit a vulnerability in the protocol, resulting in the loss of approximately $3.3 million in ether.

The protocol originated as a fork of Liquity that replaced ether with staked ether as the collateral source backing its stablecoin, R. The exploit caused R to deviate from its intended $1 peg.

That prompted the team behind Raft to confirm the vulnerability and pause further minting to prevent additional losses​​​​.

According to a post-mortem blog post published Monday, the attacker was able to mint 6.7 million R, which was then swapped for 1,575 ether (ETH) causing R to de-peg.

Read more: Liquity aims to build on safety record with V2 using staked ether

In a surprising turn of events, the attacker then sent 1,570 ETH to a burn address, effectively removing it from circulation. This action left the hacker with only 7 ETH from the stolen funds.

Prior to the attack, the hacker’s address had received 18 ETH through a crypto mixer service, suggesting a level of premeditation and planning for the attack​​​​​​.

The circumstances of this attack are unusual, in that the large majority of the stolen funds were burned, leading to speculation about the attacker’s motives. The loss may have been accidental.

Loading Tweet..
Loading Tweet..

It’s not yet clear what comes next for the protocol and its users. Developers have promised an “in-depth recovery plan this week, outlining the steps to address the situation and provide redress for affected users,” the team said in its post-mortem statement.

“The Raft community will have the opportunity to provide feedback on the proposed recovery plan before it is concluded and the recovery plan is executed,” it said.

Raft issued a governance token (RAFT) in an airdrop on Oct. 11, intended to be staked to provide holders with voting rights over the protocol. The price of RAFT has plummeted about 60% since the exploit, per Coingecko.

Total value locked (TVL) in the protocol peaked in July at $64 million, and has been on a steady decline since, according to DefiLlama — just $1.48 million remains as of today.

Meanwhile, the formerly dollar-pegged stablecoin R is volatile with very limited liquidity on a handful of decentralized exchange markets. Although the developers have suspended the creation of new R tokens, users can still repay their R-related debts to retrieve collateral that is locked in the protocol.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Research Report Templates (1).jpg

Research

Jupiter has emerged as the undisputed liquidity backbone of Solana, commanding over 90% of spot DEX aggregation and 80% of perp trading volume. But behind the numbers lies a far more ambitious play: a cross-chain, vertically integrated super-app spanning swaps, synthetics, NFTs, memecoins, and launchpads. This report explores Jupiter’s rapid rise, the monetization upgrades reshaping its revenue profile, and the risks that could unwind its dominance, from token dilution to competition. With annualized revenues nearing $300M, the upside is undeniable, if it can navigate the turbulence.

article-image

Immutable has been building a game with Ubisoft that was slated to unveil in April. It may be a TCG.

article-image

Curve founder Michael Egorov is working on a new protocol designed to eliminate impermanent loss, rethink token emissions, and capture BTC-native yield

article-image

Mining outfits have gone bust in the wake of prior halvings. Not so this time around.

article-image

Zora’s announcement that its token is for “fun only” sparked a debate about the need for such tokens

article-image

In recent weeks, Helium has hit new all-time highs while passing major protocol milestones

article-image

Financial advisers in a January survey said equity ETFs were their top choice for gaining crypto exposure in 2025