Raft Protocol Compromised: An Analysis of the $3.3M Depegging Hack

Raft Protocol Compromised: An Analysis of the $3.3M Depegging Hack


2 min read

In a recent security breach within the decentralized finance (DeFi) sector, Raft, a protocol known for its R stablecoin, experienced a sophisticated on-chain attack. This incident led to the depegging of the R stablecoin. Notably, the attacker's potential gain of $3.3 million was thwarted due to a technical mishap, resulting in the unintended burning of the majority of the funds.

Behind the Breach

The exploit was orchestrated by artificially inflating the collateral value within the Raft protocol. Utilizing a flash loan, the attacker acquired substantial ETH, which was then strategically deployed to manipulate the protocol's collateral valuation. This manipulation enabled the minting of an excessive 6.7 million R stablecoins.

Subsequently, these minted tokens were rapidly sold off in the liquidity pool, leading to a significant drop in the stablecoin's value. However, a critical error in the exploit's execution, specifically the misuse of delegatecall, inadvertently directed the majority of the extracted assets to the Ethereum null address, effectively removing them from circulation.

Lessons from the Incident

In response to the breach, the Raft team promptly acknowledged the incident and commenced the development of a recovery strategy. They cautioned against speculative activities involving the now partially unbacked stablecoin and announced the planned discontinuation of the current Raft iteration.

The Raft protocol incident emphasizes the need for continuous and rigorous security measures. It highlights the criticality of comprehensive understanding and meticulous implementation of smart contract code to prevent exploitable vulnerabilities as well as solid measures in case the worst case scenario happens.

Don't know how to prepare for a hack? Reach out to us for a free consultation.

It's not if it's going to happen, but when.

Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.

You build the future. We help you secure it.