Rari Capital, a cryptocurrency startup, was hacked this weekend following a cross-chain exploit. According to experts, the attack mechanism was that the attacker created a fake coin and its pool on SushiSwap, after which he received ibETH through Alpha Homora in the Rari ETH contract, and exchanged his cryptocurrencies for Ethereum there.
During the attack, the hacker withdrew 5346 BNB (about $3.58 million), exchanging them for 1,000 ETH. Then he managed to steal another 1900 ETH. If the developers hadn't thought of saving the money, the attacker could have withdrawn not 2900 ETH, but more than 4600 ETH. Although even 2,900 ETH make up over 60% of the total ETH Rari Capital pool.
Having lost about 10 million, the Rari team now intends to form a compensation plan for victims affected by the hacker's actions. The guide automates refunds to the ETH pool by rebalancing money and client pools.
The head of Rari said that the project participants unanimously decided to give back 2M RGT coins intended as a bonus to the developers back to the DAO. They will also be used to recover funds lost by users during the attack on the project.
While the final return plan is underway, the Rari executive also stressed that RGT coin holders will be able to claim a portion of the DAO stablecoin reserve at today's conference. The total number of RGT coins in the DAO is 8.7M (almost $122M).
The entire amount of funds allocated by the team for damages exceeds 26 million. And the sooner the startup copes with this difficult task, the better since the value of RGT tokens has already dropped by 44% after the news of the hack in less than one hour.
The good news is that despite the growing number of hacks in the DeFi industry, in proportion to the growth of its popularity, there are still startups willing to take responsibility for their mistakes.