{"id":440171,"date":"2022-05-01T08:12:36","date_gmt":"2022-05-01T05:12:36","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/rari-fuze-hacker-offered-10m-bounty-by-fei-protocol-to-return-80m-loot\/"},"modified":"2022-05-01T08:12:36","modified_gmt":"2022-05-01T05:12:36","slug":"rari-fuze-hacker-offered-10m-bounty-by-fei-protocol-to-return-80m-loot","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/rari-fuze-hacker-offered-10m-bounty-by-fei-protocol-to-return-80m-loot\/","title":{"rendered":"# Rari Fuze hacker offered $10M bounty by Fei Protocol to return $80M loot"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Rari_Fuze_hacker_offered_10M_bounty_by_Fei_Protocol_to_return_80M_loot_%E2%80%9C\"><\/span>Rari Fuze hacker offered $10M bounty by Fei Protocol to return $80M loot<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-2a0745c6>Decentralized finance (DeFi) platform Fei Protocol offered a $10 million bounty to hackers in an attempt to negotiate and retrieve a major chunk of the stolen funds from various Rari Fuse pools worth $79,348,385.61 or nearly $80 million.<\/p>\n<p>On April 30, Fei Protocol informed its investors about an exploit across numerous Rari Capital Fuse pools while requesting the hackers to return the stolen funds against a $10 million bounty and a \u2018no questions asked\u2019 commitment.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We are aware of an exploit on various Rari Fuse pools. 
We have identified the root cause and paused all borrowing to mitigate further damage.<\/p>\n<p>To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds.<\/p>\n<p>\u2014 Fei Protocol (@feiprotocol) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/feiprotocol\/status\/1520344430242254849?ref_src=twsrc%5Etfw\">April 30, 2022<\/a><\/p><\/blockquote>\n<p>While the exact losses from the exploit were not officially released, DeFi investigator BlockSec\u2019s monitoring system <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/versatile.blocksecteam.com\/tx\/eth\/0xadbe5cf9269a001d50990d0c29075b402bcc3a0b0f3258821881621b787b35c6\">detected<\/a> a loss of more than $80 million \u2014 citing the root cause as a typical reentrancy vulnerability. While reentrancy bugs have been the main culprit in many exploits within the DeFi ecosystem,\u00a0the $80 million loot makes the Fei Protocol exploit one of the largest reentrancy hacks ever.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2022-05\/c1525bd9-ef76-4a3b-9124-c3e26b40bd92.jfif\"><figcaption style=\"text-align: center;\">Invocation flow. Source: BlockSec<\/figcaption><\/figure>\n<p>Upon further investigations, Rari developer Jack Longarzo revealed a total of six vulnerable pools (8, 18, 27, 127, 144, 146, 156) that have been temporarily paused while an internal fix is underway. 
At the time of writing, Rari\u2019s internal and external security engineers partnered with DeFi service provider Compound Treasury to further investigate and neutralize the hack.<\/p>\n<p>Providing further insights into the development, blockchain investigator PeckShield narrowed down the exploit to a reentrancy bug, in which a function makes an external call to an untrusted contract that can then re-enter the calling contract.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The old reentrancy bug bites again on Compound forks w\/ $80M loss! This time, it re-enters via exitMarket()!!! <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/NpC8AAZRXc\">https:\/\/t.co\/NpC8AAZRXc<\/a> <\/p>\n<p>Watch out, all Compound forks in EVM-compliant chains. Get in touch with your auditors now or feel free to contact us if we can be of any help <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/M9JElTWMSd\">pic.twitter.com\/M9JElTWMSd<\/a><\/p>\n<p>\u2014 PeckShield Inc. 
(@peckshield) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/peckshield\/status\/1520369315698016256?ref_src=twsrc%5Etfw\">April 30, 2022<\/a><\/p><\/blockquote>\n<p>Security-focused ranking platform\u00a0CertiK told Cointelegraph that\u00a0the attacker has sent 5400 Ether (ETH) (~$15,298,900) to Tornado Cash and still holds $64,245,245.43 (22,672.97 ETH) in their wallet.\u00a0The attack has drained funds from the Rari pool whilst the Fei Pools (Tribe, Curve) remain unaffected.<\/p>\n<p>Last year, on May 8, 2021, Rari Capital fell victim to a high-priced exploit that was related to an integration with Alpha Venture DAO (previously Alpha Finance Lab).\u00a0At the time of reporting, there have been no official announcements from the Fei Protocol team on the results of their investigation.<\/p>\n<p><strong>Related: <\/strong><strong><em>Plan for $1M bug bounties and double the nodes in wake of $600M Ronin hack<\/em><\/strong><\/p>\n<p>As the crypto community goes through an ever-evolving battle against hackers, numerous projects and protocols have decided to amp up their security measures. 
On April 28, the Ronin Network and Sky Mavis revealed plans to upgrade their smart contracts \u2014 following the $600 million hack in the previous month.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We have put together a postmortem regarding the Ronin exploit that occurred on March 23rd.<\/p>\n<p>\u2022 Why it happened<br \/>\u2022 What we&#8217;re doing to make sure this never happens again<br \/>\u2022 Ronin bridge re-opening update <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/FfwCtCG84E\">https:\/\/t.co\/FfwCtCG84E<\/a><\/p>\n<p>\u2014 Ronin (@Ronin_Network) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Ronin_Network\/status\/1519322899135537152?ref_src=twsrc%5Etfw\">April 27, 2022<\/a><\/p><\/blockquote>\n<p>The Federal Bureau of Investigation (FBI) attributed the attack to North Korea-based and state-sponsored hacking group Lazarus, as it fired off a warning to other crypto and blockchain organizations.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/rari-fuze-hacker-offered-10m-bounty-by-fei-protocol-to-return-80m-loot\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Rari Fuze hacker offered $10M bounty by Fei Protocol to return $80M loot &#8220; Decentralized finance (DeFi) platform Fei Protocol offered a $10 million bounty to hackers in an attempt to negotiate and retrieve a major chunk of the stolen funds from various Rari Fuse pools worth $79,348,385.61 or nearly $80 million. 
On April&#8230;<\/p>\n","protected":false},"author":1,"featured_media":440172,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDUvZjE2MmFlNGUtMmEzYy00ZmVlLWIyNGMtN2FmZDJjOGZkMTE5LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74867,74894,99002,74868,74882,70944],"class_list":["post-440171","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-altcoin","tag-blockchain","tag-decentralized-marketplace","tag-defi","tag-hacks","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/440171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=440171"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/440171\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/440172"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=440171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=440171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=440171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}