On the 9th of April, 2021, a DeFi lending platform called Raft was hacked for over 13,000 ETH (approximately worth $3.3 Million). Following the incident, the attacker apparently burned most of the stolen ETH from the address consisted of 13,202 ETH.
The hack occurred when one of the platform’s smart contracts was exploited, allowing the attacker to withdraw funds from multiple wallet addresses. The funds were then sent into a single address, all of which was tracked 25 minutes later. Immediately after the incident took place, the attacker sent a large amount of funds to a second address, though it was unclear if any of the stolen funds were converted to stablecoins.
The Raft team stated that no user funds were lost. They also explained that the hack was only possible because certain administrative functions of the platform were exposed to the attacker, such as the ability to view private keys and impersonate users.
Raft has since started a bounty program in order to find out how the attacker was able to exploit the platform, offering up to $50,000 in rewards to anyone who can provide information.
Although the attacker was not able to make off with all of the funds, the incident shows that, even with DeFi and smart contracts, there is still a risk of attack when it comes to digital money. Security is always a priority, regardless of whether your funds are stored on an exchange or hosted on a smart contract platform.