Fei Protocol, a DeFi (decentralized finance) venue offered $10 million as a reward to the exploiters to discuss and recover a big proportion of the swindled funds from several pools of Rari Fuse containing a worth of up to $79,348,385,61 (approximately $80M). on 30th April, the investors were informed by Fei Protocol regarding an exploit targeting a lot of pools on Rari Capital Fuse while the hackers were requested to repay the exploited funds in return for $10 million in reward and a commitment not to ask any questions.
On 30th April, Fei Protocol shared with the consumers that management of the platform is in knowledge with the exploit on diverse pools of Rari Fuse. They added to have detected root cause along with stopping the entirety of the borrowing to minimize the occurrence of additional damage. The venue then addressed the swindlers and requested to take $10 million for a reward whereas the platform will not ask any questions from the exploiters if the remaining customer funds are repaid to them.
Although the exact amount of the funds lost in the incident was not formally disclosed. However, the monitoring system of BlockSec (a DeFi investigator) found out that nearly $80M was lost in the exploited funds, referring to the chief reason as a usual reentrancy vulnerability. Though the principal culprit in several exploits has been the reentrancy bugs throughout the DeFi ecosystem, the hack of up to $80M categorizes the exploit of Fei Protocol among the biggest reentrancy exploits ever.
Upon additional investigation, Jack Longarzo (a developer at Rari) disclosed a cumulative of six susceptible pools (taking into account 156, 146, 144, 127, 27, 18, and 8) that the platform has put a stop on whereas it is working on an internal fix. At this time, the external and internal security engineers of Rari collaborated with Compound Treasury (a provider of DeFi services) to perform additional investigations as well as neutralize the exploit.
Giving more development insights, PeckShield (a blockchain investigator) constricted the hack to a reentrancy bug, permitting the exploiters to utilize a function to call some external untrusted contract. As the crypto community is undergoing an advancing fight against exploiters, several protocols and projects have determined to enhance their security measures. On 28th April, Sky Mavis and Ronin Network disclosed a strategy to escalate their smart contract, after a hack of $600M took place in the recent month.