Poloniex owned by Justin Sun suffered hundreds of millions of dollars stolen

Last week, two major security incidents occurred.

First, at around 19:00 Beijing time on November 10, EagleEye, a subsidiary of Beosin, detected that large amounts of assets continued to be transferred out of the Poloniex-related addresses owned by Justin Sun, which was suspected to be stolen.

Related address: https://eagleeye.space/address/0x0A5984f86200415894821bFEFc1c1De036DbF9e7

Soon after, Justin Sun and Poloniex released an announcement on social media to confirm the theft. According to Beosin Trace tracking by the Beosin security team, the total amount of stolen assets from Poloniex is about 114 million US dollars.

The Poloniex hacker dispersed the stolen tokens to various addresses for exchange and deposited them in different addresses. Around 20:30 on November 10, the attacker had exchanged the stolen tokens for more than $30 million in ETH on the Ethereum chain and stored them in various addresses. The stolen funds on the TRON chain had also been transferred to more than $20 million in TRX and stored in various addresses, and the exchange and transfer were still ongoing. The fund transfer details are shown in the figure below.

Beosin Trace tracks funds statistics

After the attack, Justin Sun also posted a message, advising the hacker to "refund" as soon as possible and was willing to give out 5% of the assets as a white hat reward. The hacker did not respond.

Coincidentally, on the next day, November 11, 2023, Beosin's EagleEye platform detected that the IRPM contract of the Raft project on the Ethereum chain was hacked, and the project party lost approximately $3,407,751. This attack was relatively complex, and the Beosin security team will share the detailed analysis results as follows.

Related Addresses:
https://eagleeye.space/address/0xc1f2b71A502B551a65Eee9C96318aFdD5fd439fA

Information about Raft project security incidents

Attack transactions

0xfeedbf51b4e2338e38171f6e19501327294ab1907ab44cfd2d7e7336c975ace7

●Attacker address

0xc1f2b71A502B551a65Eee9C96318aFdD5fd439fA

●Attack contract

0x0A3340129816a86b62b7eafD61427f743c315ef8

0xfdc0feaa3f0830aa2756d943c6d7d39f1d587110

●Attacked Contract

0x9ab6b21cdf116f611110b048987e58894786c244

Raft Project Security Incident Vulnerability Analysis

The main reason is that the attacker used flash loans to manipulate the pledge rate, and the coin minting calculation method was rounded up. The attacker used the manipulated pledge rate to amplify the effect of rounding up, resulting in a small amount of pledge being able to borrow a large amount of assets.

Attack Process

Attack preparation phase:

1. The attacker attacked the contract and borrowed 6001 cbETH in AAVE using a flash loan to donate and manipulate interest rates.

The attacker then liquidated his own loans on IRPM.

The liquidation is divided into two stages. In _closePosition, the attacker burned half of the rcbETH-d in the contract (rcbETH-d is the debt token of the raft project, and rcbETH-c is the pledged asset token).

After the _closePosition function ends, the second stage will call _updateDebtAndCollateralIndex to update the new lending rate.

The total amount of debt here has been reduced by half by the attacker through previous liquidations.

Since balanceof(address.This) is used as a parameter in the interest rate update of the pledged asset in .raftCollateralToken.setIndex, the 6001 cbETH borrowed by the attacker through the flash loan can be directly transferred to the contract for control. It can be seen that 6001 of the total 6003 cbETH have not been updated.

Although there is permission control in the setIndex function of the token cbETH, the new interest rate is calculated by dividing the total amount of tokens by the backingAmount controlled by the attacker. The attacker uses the permissions of the attacked contract (IRPM) and passes in abnormal parameters, causing the storedIndex to expand to 67*10^36 (expanded by 67*10^18).

2. After the collateral rate was manipulated, the attacker used another attack contract 0xfdc0feaam to cast multiple cbETH into rcbETH-c. The minting function here uses the rounding up method. Since the storedIndex above is enlarged by 67*10^18, the number of coins minted will be reduced by 67*10^18 times. However, since the minting function uses the rounding up method, the coin minting ratio that should have been 1:1/(67*10^18) has become 1:1, which is equivalent to the collateral value being enlarged by 67*10^18 times.

3. After multiple mints, the attacker had 10,050 rcbETH-c and started borrowing. (The amount of debt rcbETH-d for these multiple mints was 3000 and remained unchanged).

4. After adding a large amount of rcbETH-c, the attacker first borrows the money needed to repay the flash loan

After that, the lending income in the form of R tokens totaled 6,705,028.

Afterwards, 3,300,000 Rtokens were exchanged, and finally 1,575 ETH were exchanged, but the eth was transferred to the 0 address when it was exchanged.

Of the remaining 3,322,460 Rtokens, 1,442,460 were left in the account, and the remaining 1,900,000 were transferred to the attack contract and exchanged for 127 ETH from the attacker.

Raft Project Security Incident Fund Tracking

As of the time of writing, a total of $3,407,751 was stolen from the Raft project's IRPM contract, of which 3,140,000 worth of ETH was mistakenly transferred to address 0 by the attacker, and the remaining profits were sold in batches by the attack contract for $267,751.

Summarize

Regarding the Poloniex security incident, Beosin reminds wallets or project parties to keep their private keys safe. Regarding the IRPM contract security incident of the Raft project, the Beosin security team recommends: 1. The calculation of key functions such as the pledge rate is performed through oracle quotes. 2. When calculating coefficients, multiply first and then divide, and try to avoid using rounding up. At the same time, we recommend that a professional security audit company conduct a comprehensive security audit before the project goes online.