DeFi platform Raft pauses minting of its stablecoin after acknowledging 'security vulnerability'

DeFi platform Raft paused further minting of its stablecoin known as R on Friday after it acknowledged what it said was a "security vulnerability."

"We are currently investigating and will provide an update as soon as we can," it wrote on X. "Existing users are still able to repay their positions and receive their collateral."

Users on social media pointed to onchain data that showed a presumed hacker had burnt millions worth of ether in the apparent exploit. Wintermute Head of Research Igor Igamberdiev said 6.7 uncollateralized R stablecoin had been minted and then converted into ether.

"The twist is that they converted them into ETH, which was sent to the null address," he wrote on X, detailing an apparent coding mistake. "Instead of sending ETH to the attacker, coins went to the null address, which has no private key, oops."

R stablecoin depegs

The R stablecoin depegged from its typical price of $1, falling to as low as $0.18 before recovering somewhat. It was trading for $0.78 at 6:34 p.m. ET, according to CoinGecko.

Raft did not immediately respond to a request for comment from The Block.