Rari Capital
HackedDeFi · $RGT · born 2020 · ✝ 2022
Drained repeatedly via reentrancy, the worst hit ~$80M.
Rari Capital ran Fuse, a permissionless lending platform on Ethereum and Arbitrum that let anyone spin up isolated money-market pools. It was exploited multiple times, with an April 2022 flash-loan reentrancy attack draining roughly $80M from its Fuse pools.
- Peak
- ~$80M stolen (largest hit)
- Cause
- Hacked
- Year of death
- 2022
☠️ Cause of death
Attackers used flash loans to trigger reentrancy in the lending logic, borrowing against balances that had not yet updated, and the protocol suffered multiple exploits before winding down.
📓 Lessons left behind
- —Apply checks-effects-interactions on every external call.
- —Permissionless pool creation multiplies your attack surface.
- —Repeated exploits are a verdict, not bad luck.
🌱 The idea that survived
Reentrancy guards
Reinforced the audited withdrawal patterns and reentrancy locks now standard in lending code.
#defi#flash-loan#reentrancy