A recent cyberattack on Raft, a protocol for stablecoins pegged to the US dollar, resulted in the theft of $6.7 million. The incident occurred despite the protocol undergoing multiple security checks by renowned blockchain security firms. On 13 November, Raft published a detailed analysis of the attack.

Just days before the breach, an unknown individual managed to obtain 6,000 Coinbase-wrapped staked ether (cbETH) from decentralized finance platform Aave. This person then exploited a loophole in Raft’s system to mint 6.7 million of Raft’s stablecoins, known as R tokens. These tokens were later exchanged for $3.6 million on decentralized exchange platforms such as Balancer and Uniswap, reducing the value of Raft’s stablecoin against the dollar.

Root of the problem

The main issue arose from miscalculations in the minting process of share tokens, as identified in Raft’s report. These miscalculations allowed the hacker to obtain additional share tokens, which he used to increase the value of his holdings. The exploited smart contracts had previously been audited by Trail of Bits and Hats Finance, two leading blockchain security firms. However, these audits failed to identify the weaknesses that led to the breach.

In response to this security breach, Raft has halted all of its smart contract operations. They have also reported the incident to law enforcement and are cooperating with centralized exchanges to trace the stolen funds. Users who had staked R tokens can still redeem their positions and reclaim their collateral.

This incident is not the first of its kind in the world of decentralized stablecoins. In December 2022, a similar exploit occurred with the HAY stablecoin, which lost its peg against the dollar after a hacker minted 16 million HAY without sufficient collateral. The HAY stablecoin subsequently regained its value, partly due to its protocol demanding a collateral ratio of 152% at the time of the exploit as a risk management measure.

Such incidents highlight the existing challenges and risks associated with decentralized finance, particularly with regard to the security of smart contracts and the need for more robust auditing processes.

