DeFi lending platform Raft stops minting after security breach and theft of over 1500 ETH

The DeFi lending platform Raft has halted the minting of its R stablecoin due to a security breach that resulted in the loss of a significant amount of Ethereum (ETH).

The breach involved the unauthorized creation of R tokens and the draining of liquidity from automated market makers, along with the withdrawal of collateral from the protocol. This incident caused the R stablecoin's value to plummet from its pegged $1 to as low as $0.04, as reported by CoinGecko.

Raft acknowledged the breach and highlighted the platform's ongoing efforts to secure its operations and reestablish stability. Despite the suspension of minting, R holders are still able to repay loans and access their collateral. The breach led to the extraction of 1577 ETH by the hacker, who had initiated the attack with just 18 ETH from Tornado Cash, a controversial crypto mixer. However, due to a coding error, 1570 ETH was inadvertently sent to an unrecoverable null address, leaving the hacker with only 7 ETH.

The attacker minted 6.7 million unbacked R tokens, worth an estimated $6.7 million, and attempted to exchange them for ETH. Unfortunately for the hacker, the ETH was also sent to the null address due to the coding mistake.

Raft is conducting a thorough investigation and has vowed to keep its users informed about the situation and potential compensation from its treasury reserves. The lending and borrowing services of Raft remain operational for existing R holders despite the temporary suspension of the stablecoin's minting process.