After a $10 million exploit over the weekend, decentralized finance (DeFi) protocol Rari Capital is now formulating a plan to compensate victims. Based on an official postmortem of the attack that was published on May 9, this platform lost 2,600 ETH which translates to 60% of all users’ funds in its Rari Capital Ethereum Pool.
Rari is known to automate yield farming by expertly rebalancing users’ funds and pools. On May 10, 2021, Rari founder Jai Bhavnani posted an update. According to this update, all of the protocol’s contributors had voted to return the 2 million RGT tokens initially set for developer incentives back to this project’s decentralized autonomous organization (DAO) to pay back users affected by the hack.
While the exact distribution plan is still in discussion by Rari Capital’s developers and community, Jai noted that tRGT token holders will qualify to claim a share of the DAO’s stablecoin reserves in a May 10 community call. Up to $26 million worth of the project’s governance token might be distributed among the users affected by the hack that reportedly drained $10 million from the protocol over the weekend.
The DAO, for now, holds 8.7 million tokens RGT worth $121.8 million. That amount equates to nearly 1% of RGT’s supply. With the Rari Governance Token, today trading at $13.36 according to Coingecko data, the total funds that were allocated to this reimbursement process are worth around $26.7 million at the time of publication.
RGT prices dumped nearly 44% after this hack, plunging from $18 to $10 within an hour. Jai said that the protocol was launched as a fair project that did not sell any tokens or raise money from venture capital. He also stated that the concept of a Rari Team has been disbanded and there are now just contributors and token holders.
How The Attack Happened
The Rari Capital Ethereum Pool is known to deposit Ether into Alpha Finance’s ibETH token which is one of its yield-generating strategies. In this case, the attacker manipulated the contract to and withdraw more funds than they had initially deposited. Then, a flash loan was taken out from the dYdX exchange to deposit ETH and male repeated withdrawals, draining the pool in the process.
The Rari Capital exploit comes after several recent high-profile hacks that happened in the decentralized finance sector. They include EasyFi which lost as much as $60 million on April 20 and ForceDAO losing $367,000 in early April.
Notably, Rari is not the only protocol that is seeking to compensate its users. Cross-chain DeFi protocol EasyFi announced that 25% of lost funds would be distributed to the users instantly in the form of stablecoins, while the remaining 75% will get distributed as “IOU” tokens redeemable for the EZ v2 tokens.