The decentralized finance (DeFi) lending platform Raft has temporarily suspended minting of its R stablecoin following a security breach, resulting in over 1500 ETH drained from the protocol.
Raft co-founder David Garai confirmed the security breach, which involved the intruder generating R tokens and depleting automated market maker liquidity while simultaneously withdrawing collateral from Raft.
According to CoinGecko data, the breach caused the price of R stablecoin to drop from $1 to $0.04 at the time of writing.
R stablecoin price chart | Source: CoinGecko
Moreover, Garai said Raft is focused on securing user operations and restoring stability as it investigates the full extent of the incident. However, existing R holders can still repay loans and retrieve collateral while minting is suspended.
Interestingly, an on-chain data analyst traced the hack to a coding flaw that mistakenly sent the 1570 ETH drained by the hacker to an irretrievable null address instead of the hacker’s wallet.
In total, the attacker was able to drain 1577 ETH from Raft but only withdrew 7 ETH due to the error. The hacker reportedly funded the attack with just 18 ETH obtained through the controversial crypto mixer Tornado Cash.
According to Gor Igamberdiev, Head of Research at Wintermute, the hacker minted 6.7 million unbacked R tokens valued at $6.7 million and swiftly exchanged them for ETH. However, due to the critical code flaw, the ETH ended up locked in the null address.
While Raft continues its investigation, the team has promised to keep users updated on efforts to restore stability and compensate for any losses from the protocol’s treasury reserves.
For now, existing R holders are still able to utilize Raft’s lending and borrowing functions despite the minting suspension.
Also read: Uniswap Labs Reaps Over $1 Million in Fees Showing Growth of Decentralized Exchanges