After more than $10 million was stolen through an exploit on the Rari Capital decentralized financial protocol, the platform is forming a plan to compensate affected users.
On Monday, May 10th, Rari founder Jai Bhavani made a Medium post explaining that the protocol’s developers had agreed to return the 2 million Rari Governance Tokens (RGT) that were designated as developer incentives to victims of the exploit. The total funds allocated for reimbursement are worth over $26 million.
A schedule for distribution has yet to be determined; still, tRGT token holders are still eligible to claim a share of the DAO’s stablecoin reserves, which include 8.7 million RGT worth $121.8 million. The 8.7 million tokens represent roughly 1 percent of RGT’s total supply.
According to a report from CoinTelegraph, Rari “automates yield farming by rebalancing users’ funds and pools.” The official postmortem of the attack, which was published on Sunday, May 9th, explained that more than 2,600 ETH was lost. The sum was equivalent to roughly 60% of all user funds in the Rari Capital Ethereum Pool at the time.
Thank you to everyone for joining the @RariCapital community call.
Wrote up some notes and we will have a full recording of the call soon: https://t.co/X6lUypuK63
The official post-mortem of the attack explained that an attacker manipulated a smart contract to withdraw more funds than had been deposited. The hacker took out a flash loan of ETH tokens from the dYdX exchange, using the ETH to repeatedly deposit and make withdrawals, eventually draining the pool of $10 million in ETH tokens.
The exploit has caused the price of RGT tokens to drop significantly: RGT were trading at roughly $17.40 for much of Saturday. However, approximately one hour after the exploit, the price fell to roughly $9.10. At press time, the price of RGT had recovered to around $13.50.
Following the Bhavani reiterated that Rari is a “fair launch” project–it did not raise money from venture capital firms. He added that the concept of a “Rari Team” has been disbanded. Instead, the protocol will operate with “contributors” to the protocol in addition to token holders.
According to CoinTelegraph, Rari isn’t the only exploited DeFi platform seeking to reimburse users after an exploit. Following an exploit earlier this year, cross-chain DeFi protocol EasyFi announced that 25% of lost funds will be distributed to users immediately in the form of stablecoins, while the remaining 75% will be distributed as “IOU” tokens redeemable for EZ v2 tokens.