DeFi Exploit Results in $6.7M Loss After Auditors Fail to Detect Vulnerability

The Raft protocol, a decentralized U.S. dollar stablecoin platform, recently suffered a $6.7 million security exploit despite undergoing multiple security audits. According to the project’s post-mortem report, a hacker utilized a smart contract glitch to borrow 6,000 Coinbase-wrapped staked Ether (cbETH) on Aave, then transferred the sum to Raft and minted 6.7 million Raft stablecoins named “R”. The exploit resulted in the depegging of the R stablecoin and the unauthorized funds being swapped on decentralized exchanges for $3.6 million.

The post-mortem report cited a precision calculation issue when minting share tokens as the primary root cause of the exploit, enabling the attacker to obtain extra share tokens and leverage the amplified index value to increase the value of their shares. Despite undergoing audits by security firms Trail of Bits and Hats Finance, the vulnerabilities that led to the exploit were not detected.

Following the incident, Raft has taken steps such as filing a police report and collaborating with centralized exchanges to track the stolen funds’ flow. The project has also suspended all smart contracts, while allowing users who minted R to repay their positions and retrieve their collateral.

The Impact of Decentralized Stablecoin Exploits

Decentralized stablecoins, which are minted using users’ crypto deposits as collateral, have previously faced similar incidents. Last December, the HAY stablecoin depegged against the U.S. dollar after a hacker minted 16 million HAY without proper collateral due to a smart contract glitch. HAY has since re-pegged, partly due to the protocol’s enhanced risk management measures, including a collateralization ratio of 152% at the time of the exploit.

Response and Future Steps

Raft has informed the public about the incident and stated that they are collaborating with authorities to address the exploit. They claim to be working with exchanges to recover the stolen funds and have taken the precaution of suspending smart contracts while allowing affected users to recover their collateral.

Decentralized stablecoins play a crucial role in the DeFi ecosystem, and this incident underscores the necessity of enhanced security measures for smart contracts to minimize future vulnerabilities.


The recent exploit of the Raft protocol highlights the ongoing challenges in securing DeFi platforms, emphasizing the importance of rigorous security measures within the cryptocurrency space.

Editor Notes

For more updates on the latest news and developments in the crypto world, visit Uber Crypto News.

You might also like

Comments are closed, but trackbacks and pingbacks are open.