Raft Stablecoin Depegs After “Security Vulnerability”

  • The Raft stablecoin has been shuttered following an attack on Friday, despite the smart contract being audited by two companies 
  • The value of the project’s R token plummeted to $0.5 following the hack
  • The thief stole some $3 million in ETH but seems to have accidentally burnt it

The effectiveness of blockchain audits has once again been called into question after the Raft stablecoin, which had been audited by two companies, fell victim to an attack on Friday. The value of the project’s stablecoin, R, crashed from its dollar peg to just $0.5 following a “complex security incident” which saw $6.7 million of unbacked R tokens minted. Raft announced over the weekend that the current project will be “sunsetted” and a new version created to take its place.

Thief Seems to Have Burned Takings

Raft posted on X on Friday to say that it had detected a “potential security vulnerability” as the value of its R coin plummeted 50%, before updating users that all R minting had ceased. Raft co-founder David Garai said in an X post that the exploiter “minted R (which was then sold to drain AMM liquidity), and also managed to withdraw collateral at the same time,” an attack that resulted in $6.7 million worth of R being minted and $3.3 million in ether (ETH) being stolen.

However, on-chain data shows that the hacker may have made a huge mistake and potentially even made a loss on the endeavor; they drained 1,577 ETH from Raft, almost all of which they then sent to an ETH burn address, effectively destroying it.

Taking into account the 18 ETH that was sent to the hacker’s address prior to the hack, which was likely to fund the operation, and the transaction fees, the hacker was left with only 14 ETH, four fewer than they had to start with. This suggests that the attacker actually lost money due to their own carelessness.

Raft Promises New Version

This news, while amusing, won’t bring any mirth to the Raft team, of course. In an X post over the weekend they revealed that the existing version will be closed down and a new R stablecoin will take its place.

The project also re-posted an X post noting that the smart contract for R had been audited by two companies, Trail of Bits and Hats.Finance, and yet the hacker still managed to exploit the system. This shows that blockchain smart contract auditors are still not smarter than hackers, a trend that has been going on for years and one that doesn’t seem to be improving.
