Raft Hacked, Losing $3.3 Million and Causing Stablecoin R to Depeg

Incident Details

On the night of November 10, DeFi platform Raft was hacked, resulting in the loss of $3.3 million worth of Ethereum (ETH). Interestingly, the hacker seems to have incurred a loss with the stolen funds.

The Hack and Its Aftermath

On-Chain Analysis:
Data reveals that the attacker stole 1,577 ETH from Raft and then sent 1,570 ETH to a burn address, effectively destroying the majority of the stolen assets and leaving only 7 ETH. Before targeting Raft, the hacker's wallet had received 18 ETH via the Tornado Cash mixing service, as noted by Arkham's data.

Net Loss:
After accounting for transaction fees and the ETH sent to the burn address, the hacker ended up with only 14 ETH, losing 4 ETH compared to the initial 18 ETH.

Confirmation and Impact

David Garai, Raft's co-founder, confirmed the security breach on X (Twitter). He explained that the hacker minted R tokens and sold them to deplete liquidity and withdraw collateral from Raft.

Control Measures:
Within an hour, Raft managed to control the situation, stopping the hacker from minting more R tokens. However, the incident significantly impacted Raft's stablecoin R, which dropped over 70% from its $1 peg, trading around $0.33 at the time of reporting.

Raft's Functionality and Recent Trends

Raft is a DeFi lending platform that issues the stablecoin R, collateralized by ETH liquid staking derivatives like Lido's stETH. Users can use stETH as collateral to borrow R.

Second Major Hack on the Same Day:
Earlier on the same day, Poloniex also suffered a major attack, with losses amounting to $114 million.