Share this article

DeFi Lender Rari Capital/Fei Loses $80M in Hack

Fei Protocol, which late last year merged with Rari, announced a $10 million bounty should the funds be returned.

Updated May 11, 2023, 5:35 p.m. Published Apr 30, 2022, 4:48 p.m.

Decentralized finance (DeFi) platforms Rari Capital and Fei Protocol suffered a more-than-$80 million hack early Saturday.

The hacker exploited a reentrancy vulnerability in Rari's Fuse lending protocol, according to a tweet by smart contract analysis firm Block Sec.

Our monitoring system detected that multiple pools related to @RariCapital @feiprotocol were attacked, and lost more than 80M US dollars. The root cause is due to a typical reentrancy vulnerability. @defiprime
https://t.co/Cbtilpbuw9
— BlockSec (@BlockSecTeam) April 30, 2022

STORY CONTINUES BELOW

Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters

By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

According to a tweet from Blockchain security firm PeckShield, the same vulnerability has been used to attack other forks of the Compund DeFi protocol.
Rari Capital acknowledged the hack, saying borrowing has been paused globally and that no further funds were at risk.
Fei Protocol, which merged with Rari in December, offered to let the attacker keep $10 million of the stolen funds as a "bounty" if the remaining funds were returned.

We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage.

To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds.
— Fei Protocol (@feiprotocol) April 30, 2022

Rari Capital suffered from a different attack in May of last year, which saw a hacker run away with $10.6 million in user funds.

This story is developing and will be updated.

Rari DeFi Hack

Kevin Reynolds

Kevin Reynolds is editor-in-chief at CoinDesk. Prior to joining the company in mid-2020, Reynolds spent 23 years at Bloomberg, where he won two CEO awards for moving the needle for the entire company and established himself as one of the world's leading experts in real-time financial news. In addition to having done almost every job in the newsroom, Reynolds built, scaled and ran products for every asset class, including First Word, a 250-person global news/analysis service for professional clients, as well as Bloomberg's Speed Desk and the training program that all Bloomberg News hires worldwide are required to take. He also turned around several other operations, including the company's flash headlines desk and was instrumental in the turnaround of Bloomberg's BGOV unit. He shares a patent for a content management system he helped design, is a Certified Scrum Master, and a veteran of the U.S. Marine Corps. He owns bitcoin, ether, polygon and solana.

Sam Kessler

Sam is CoinDesk's deputy managing editor for tech and protocols. His reporting is focused on decentralized technology, infrastructure and governance. Sam holds a computer science degree from Harvard University, where he led the Harvard Political Review. He has a background in the technology industry and owns some ETH and BTC. Sam was part of the team that won a 2023 Gerald Loeb Award for CoinDesk's coverage of Sam Bankman-Fried and the FTX collapse.