The Raft Protocol Exploit: A Hacker’s Miscalculation Leads to Major Loss

Sentinel Protocol Team
Published in Sentinel Protocol
Dec 1, 2023

A couple of weeks ago, the cryptocurrency community witnessed a peculiar and complex exploit within the Raft Protocol, a decentralized finance (DeFi) platform operating on the Ethereum network. This incident, now widely referred to as the “Raft Protocol Exploit,” stands out not just for its technical intricacy but also for its unusual outcome: the hacker suffering a net loss.

The Exploit Details

The breach centered on the Interest Rate Position Manager (IRPM) contract (0x9AB6b21cDF116f611110b048987E58894786C244). An unidentified bad actor manipulated this contract to illegitimately mint 6.7 million R stablecoin tokens. These tokens were swiftly swapped for 1577 Wrapped Ethereum (WETH), as detailed in the transaction with ID 0xfeedbf51b4e2338e38171f6e19501327294ab1907ab44cfd2d7e7336c975ace7.

However, the hacker overlooked a crucial aspect of another smart contract, pivotal for converting these coins into Ethereum (ETH) and transferring them to their address. This contract employed ‘delegatecall,’ a low-level call that executes the target contract’s code against the storage of the calling (parent) contract. Notably, the hacker’s wallet address was not initialized in this contract’s storage, and an address that was never written to storage reads as the zero address. Consequently, a staggering 1570 out of the 1577.57 ETH were inadvertently sent to a null address, effectively burning the majority of the stolen funds.
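The storage-context pitfall described above can be reduced to a few lines. The following is an added illustration, not code from the incident or from Raft; the contracts `Payout` and `Holder` and all their members are hypothetical, and it shows the unguarded payout next to one guarded with a zero-address check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all contract and variable names here are hypothetical.

/// Logic contract: pays the executing contract's ETH to `recipient` (slot 0).
contract Payout {
    address payable public recipient; // storage slot 0

    constructor(address payable r) {
        recipient = r; // written to Payout's own storage only
    }

    /// Unguarded: pays whatever slot 0 holds in the executing storage context.
    function sweep() external {
        (bool ok, ) = recipient.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }

    /// Guarded: refuses to pay when the recipient was never set.
    function sweepChecked() external {
        require(recipient != address(0), "recipient not initialized");
        (bool ok, ) = recipient.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}

/// Holds the ETH and borrows Payout's code through delegatecall.
contract Holder {
    // Mirrors Payout's layout, but nothing ever writes it here,
    // so under delegatecall `recipient` reads as address(0).
    address payable public recipient; // storage slot 0
    address public immutable logic;   // immutables take no storage slot

    constructor(address logic_) payable {
        logic = logic_;
    }

    /// run(false): the unguarded path sends the balance to address(0).
    /// run(true): the guard reverts inside the delegatecall, funds stay put.
    function run(bool checked) external returns (bool ok) {
        bytes4 sel = checked ? Payout.sweepChecked.selector : Payout.sweep.selector;
        (ok, ) = logic.delegatecall(abi.encodeWithSelector(sel));
    }
}
```

The value set in `Payout`'s constructor is never consulted during the delegatecall, because the code runs against `Holder`'s storage.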

The remaining 7.57 ETH was transferred to the exploiter’s address (0xc1f2b71A502B551a65Eee9C96318aFdD5fd439fA). These funds, along with the hacker’s initial funds, were later detected entering the Tornado Cash mixer, a platform used for obfuscating the origins of cryptocurrency transactions (transaction ID: 0x6fbc085e6b1ddce157a8b06978623b4b60db176e101f7f85215190bb28a21e3d).

Image captured from the Crypto Asset Monitoring Service (CAMS) Dashboard.

Analysis and Community Reaction

This case has been extensively analyzed by cybersecurity experts and the cryptocurrency community. Sources such as FrankResearcher’s Twitter account and Neptune Mutual’s blog provided insights into the technical aspects of the exploit. Moreover, our research team at Uppsala Security created a CAMS (Crypto Asset Monitoring Service) case report, whose dashboard offers a comprehensive overview of the incident.

The uniqueness of this exploit lies not only in its technical execution but in its financial outcome. Typically, hackers execute these attacks for financial gain, but in this case, the exploiter ended up with a net loss of approximately 4 ETH. This unexpected turn of events has sparked discussions and analyses in various online forums and social media platforms, with many speculating about the hacker’s motives and potential miscalculations.

The Raft Protocol Exploit serves as a reminder of the complexities and risks inherent in DeFi platforms and smart contracts. It also underscores the need for robust security measures and continuous vigilance in the cryptocurrency space. While the financial loss to the hacker might be a deterrent to similar future attacks, it also highlights the unpredictable nature of such exploits and the need for ongoing research and development in blockchain security.

References

  1. Twitter post by FrankResearcher: https://twitter.com/FrankResearcher/status/1723099971824582713
  2. Neptune Mutual’s blog post on the Raft Protocol Exploit: https://neptunemutual.com/blog/how-was-raft-protocol-exploited
  3. Uppsala Security’s CAMS dashboard and case report: https://portal.sentinelprotocol.io/cams-dashboard/7dbe6568-c57a-49ee-ba1a-73820777bbd7

If you have any details about the Raft Protocol case or if you would like to cooperate with our team on this investigation, please reach out by filling in this contact form.

About Uppsala Security

Uppsala Security is a leading provider of innovative security tools and services, specializing in Crypto Anti-Money Laundering/Counter-Terrorist Financing (AML/CTF), Transaction Risk Management, Regulatory Compliance, and Transaction Tracking. With a team of experts dedicated to staying ahead of emerging threats, Uppsala Security empowers organizations with the knowledge and tools to safeguard their operations in the fast-paced world of cryptocurrencies.

Uppsala Security is headquartered in Singapore, and has branch offices in Seoul, South Korea and Tokyo, Japan. You can follow Uppsala Security on Telegram, LinkedIn, Twitter, Facebook and Medium.

Disclaimer: This article is meant for informational purposes only and does not constitute financial or legal advice. Always conduct your own research and consult professionals directly.
