The DeFi platform Raft has temporarily halted the minting of its R stablecoin following a security breach that led to significant losses. The company is investigating the incident and plans to keep its users informed. Although new activities are suspended, existing users can still make loan repayments and retrieve collateral.
David Garai, a co-founder of Raft, confirmed an attack on their platform, where the perpetrator created R tokens, depleted liquidity from the automated market maker, and simultaneously withdrew collateral from Raft. The platform, which issues R stablecoins backed by liquid staking ETH derivatives, is now focusing on securing user operations and stabilizing the platform.
This incident caused the R stablecoin’s value to plummet from $1 to $0.18. As per CoinGecko, the cryptocurrency’s value was $0.057965 at the time of reporting, representing a 92.3% decline from its previous level.
On-chain analysts suggest that a hacker exploited the system, leading to the burning of a significant amount of ether (ETH). Interestingly, due to a coding mistake, the stolen ETH was sent to a null address instead of the hacker’s account, rendering it unrecoverable.
Data indicates that the hacker extracted 1,577 ETH from Raft but accidentally sent 1,570 ETH to a burn address. As a result, the hacker’s wallet only retained 7 ETH, which is a net loss compared to the initial 18 ETH funded through the sanctioned crypto mixer service, Tornado Cash.
Igor Igamberdiev, Head of Research at Wintermute, observed that the hacker created 6.7 uncollateralized R stablecoins and converted them to ETH. However, due to the coding error, this ETH also ended up in the null address.