Attackers stole at least $80 million in crypto funds from Fei Protocol by exploiting a vulnerability in smart contracts. The reward will be paid under the stated conditions as long as all of the stolen capital is returned.
Fei Protocol, the DeFi platform, was recently the victim of a security breach in which attackers stole at least USD $80 million in cryptocurrencies, but its managers made an unusual proposal to those responsible for the attack to get the funds returned.
$10 million USD reward “no questions asked”
This was revealed by the Fei Protocol team in a post on their Twitter account, where they offer some details about the attack and make the curious proposal to the attackers:
“We are aware of an exploit present in various Rari Fuse groups. We have identified the root cause and have stopped all lending to mitigate further damage. For the attacker, please accept a $10 million reward and we will not ask questions if he returns any remaining funds stolen from users.”
We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage.
To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds.
— Fei Protocol (@feiprotocol) April 30, 2022
While offering bounties to attackers to return funds is common practice, what is striking about this case is the “no questions asked” policy, under which they would be willing to hand over the USD $10 million if the stolen capital is repaid.
The attack perpetrated against Fei Protocol
According to reports on the case, the hacker responsible exploited a flaw in the smart contracts to carry out a reentrancy attack, that is, he made use of functionality that allows funds to be moved without the appropriate security controls being applied.
Despite the audits, the Fei Protocol team did not notice the flaw until it was too late. Some reports indicate that other protocols have been victims of similar attacks because they used the Compound code as it stood at the beginning of 2021, which already carried the flaw.
As discussed, this led to the theft of some $80 million in crypto funds. The Fei team has already put the authorities and other exchanges on notice to collaborate in detecting the assets. However, the technology director of BlockSec, Lei Wu, reported that some 5,400 ETH of the total stolen had already been sent to transaction mixers, which significantly reduces the possibility of finding the funds.
DeFi protocols: very lucrative targets
What has happened to Fei Protocol is nothing new in the DeFi sector, since today these platforms are some of the most lucrative targets for hackers with extensive knowledge of encryption and smart contracts.
In the past, protocols like Uniswap, Cream Finance, The DAO and many others have been victims of attacks in which unknown actors managed to seize funds, leading in some cases to the closure of the protocols because they could not adequately compensate the victims.
More recently, there are the cases of Wormhole and Ronin, whose bridges suffered significant losses after attacks perpetrated by hackers. In the latter case, the responsible company reported important changes to its operating model, and it will now devote resources to preventing future security breaches.
Version by Angel Di Matteo / DiarioBitcoin