Ethereum DeFi Project Rari Capital Hacked for $11M—But It Plans to Make It Right

By Will Gottsegen

On Saturday, a company called Rari Capital announced that $11 million in Ethereum was stolen from its platform. According to a note, the amount represented “60% of all users’ funds.”

Now, Rari plans to set aside 2 million RGT (the project’s governance token) to compensate the users who lost money in the hack.

Rari Capital is a crypto fund under the heading of DeFi, or decentralized finance. It’s a non-custodial fund—meaning it runs on code that handles your money for you, as opposed to a banker or investment manager. The idea is that if you entrust Rari with your crypto, these algorithms will juice your gains (the company describes itself as a “robo-advisor for maximizing yield”).

For Rari, the RGT token works a little like a voting share in a traditional company. It’s also spawned a secondary market: in the wake of Saturday’s hack, the price of RGT dipped around 50%.

At today’s prices (one RGT is back up to $12.42, though it’s been fluctuating wildly), the planned 2 million RGT donation comes in at $24 million—more than enough to cover the $11 million stolen from Rari’s users.

In a note, Rari CEO Jai Bhavnani said that Rari team members would be sacrificing their RGT allocations and putting them toward the reimbursement.

DeFi protocols are famously risky investments. DeFi “rug pulls,” a type of exit scam, were the most common type of crypto fraud scheme in 2020, according to data from the blockchain analytics firm Chainalysis.

DeFi ‘Rug Pulls’ Were Crypto’s Top Fraud Scheme in 2020: CipherTrace

Devotees of DeFi, however, like that it takes banks out of the picture, but one of the nice things about banks is that they tend to keep your money safe; when a DeFi protocol’s code gets exploited, it’s on majority token-holders to decide whether to reimburse the victims.

In this case, the hackers were able to extract ETH from Rari by manipulating the code around an affiliated DeFi protocol, Alpha Finance. Rari claims the code was previously audited by a blockchain security company called Quantstamp, but says “they were not aware” of the exploit.

Says Bhavnani: “Countless protocols get hacked each year and it is a matter of how the community and the protocol that determines the future of the project.”