The defi platform Raft has temporarily suspended the minting of its R stablecoin due to a security vulnerability that resulted in a substantial loss.
The company is currently investigating the incident and has promised to keep its users updated. Existing users, however, can continue with loan repayments and collateral retrieval.
Raft co-founder David Garai confirmed the attack on their platform, which saw the assailant minting R tokens and draining automated market maker liquidity while withdrawing collateral from Raft concurrently.
The defi lending platform issues the R stablecoin collateralized by liquid staking ETH derivatives. According to Garai, the company is now focused on securing its users’ operations and restoring stability to its platform.
The disruption caused the R stablecoin to significantly drop its price from $1 to $0.18. Per CoinGecko, at the time of writing, the cryptocurrency was trading at $0.057965, which is 92.3% below its previous level.
According to on-chain analysts, a hacker allegedly exploited the system, resulting in the burning of a significant amount of ether (ETH).
However, a twist of fate saw the hacker presumably suffering a setback due to a coding error. The ether, instead of directing to the hacker’s address, was sent to a null address, making them irretrievable.
The on-chain data shows the hacker drained 1,577 ETH from Raft and then sent 1,570 ETH to a burn address.
The exploiter’s crypto wallet was left with just 7 ETH, a net loss compared to a reported 18 ETH initially funded via the sanctioned crypto mixer service, Tornado Cash.
Igor Igamberdiev, the Head of Research at Wintermute, noted that the hacker minted 6.7 uncollateralized R stablecoin and converted it into ether.
However, due to the coding error, the ether ended up in the null address.