Ethereum-based DeFi exchange Fei Protocol lost about $80 million worth of tokens in an exploit on Saturday, on-chain data showed. The protocol offered the hacker a $10 million bounty to return the stolen funds.
In a series of transactions, the attacker appeared to have moved about $80 million of Wrapped Ethereum from the protocol, and into their personal wallet. The hacker now appears to be laundering the stolen funds into mixer Tornado Cash, where they are bound to become untraceable.
Multiple liquidity pools belonging to Rari Capital and Fei appeared to be the target of the attack.
Fei is an Ethereum-based protocol that uses tokenomics to maintain the 1:1 dollar peg for its stablecoin Fei USD. But the news of the hack appears to have destabilized the stablecoin, which is now trading at $0.986, according to data from Coinmarketcap.
Fei’s governance token, $TRIBE, plummeted 10% in minutes after the attack.
Trending Stories
Fei Protocol offers $10 mln bounty
On its official twitter handle, the DeFi protocol acknowledged the hack, and offered the exploiter a $10 million bounty to return the funds.
We have identified the root cause and paused all borrowing to mitigate further damage. To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds.
But given that the funds are already being moved into a token mixer, it seems unlikely that such a scenario will play out.
Crypto security firm Blocksec said the cause of the exploit is due to a typical “reentrancy vulnerability,” a common vulnerability in Ethereum-based smart contracts.
A similar exploit was used in the now-infamous DAO Hack of 2016 to steal over $70 million worth of tokens.
A bad week for DeFi?
This week has seen a string of exploits and hacks in the DeFi space, with a total of over $100 million in tokens being stolen. Earlier on Saturday, Ethereum-based DeFi protocol Saddle Finance was exploited to steal over $10 million.
Fantom-based Deus Protocol lost $13 million earlier this week. The perpetrators of these attacks are unknown.
But the U.S. government had recently warned that a notorious North Korean hacking group, called Lazarus, is turning its sights on DeFi protocols. The group is behind the record-breaking Axie Infinity hack, which saw over $600 million stolen.