On June 2nd, the decentralized finance (DeFi) platform Raft was hacked for $3.3 million in Ethereum (ETH). The attacker exploited a bug in the Ethereum smart contract, exposing a loophole in the platform’s code. The attacker was able to move Ether from Raft’s reserve pool to their own wallet, and then sell it off in multiple small transactions on decentralized exchanges (DEXs).
Although the hacker was able to make off with a large amount of ETH in the initial attack, they made the mistake of leaving a paper trail. After the attack was discovered, law enforcement was able to track down the hacker’s wallet address and subsequently freeze the remaining stolen funds. In a surprising twist of events, the hacker decided to return most of the stolen ETH by burning it to an unspendable address. This led to roughly 88% of the stolen ETH being returned to Raft’s reserves after the attack.
The hacker has apparently not yet been identified, and the extent of their losses remains unknown. However, it appears that the hacker burned the vast majority of the stolen funds. This is clearly a lesson in the importance of a comprehensive security audit before deploying smart contracts. Additionally, it serves as a reminder that DeFi can be a lucrative target for hackers due to its decentralized nature and the illiquid nature of its tokens.