The decentralized finance platform R0AR disclosed a significant security breach involving a vulnerability in its staking contract, leading to a major financial loss.
Security Incident and Initial Response
According to the R0AR team, the staking contract held approximately $785,000 in assets and was compromised by a trusted external contractor. The actor utilized a backdoor to transfer funds, which were subsequently routed through Tornado Cash.
CITE_W_A Dustin Hedrick, Founder and CEO of R0AR, stated: "The developer responsible for the smart contract backdoor was not a member of the core team, but a trusted external contractor." The team confirmed that access has since been revoked and recovery efforts are underway. As of April 18, approximately 100 million of the stolen tokens had been recaptured, with only two $1R0R tokens unaccounted for.
Recovery Measures and Market Reaction
In response to the breach, R0AR initiated a buyback program involving weekly purchases from the open market. This approach was designed to mitigate volatility and support token liquidity. Following the announcement, $1R0R registered a price increase of over 250% from post-incident lows.
The team emphasized that the compromised tokens represented a limited share of the total supply and noted that treasury reserves remain secure.
Community Engagement and Strategic Direction
During a recent AMA session, Dustin Hedrick addressed the incident and outlined the team’s long-term focus on development and security enhancements.
CITE_W_A "The project has been in development for several years, and this moment, while difficult, represents a starting point for strategic rebuilding," Hedrick said. He further reiterated R0AR’s commitment to transparency and ecosystem resilience.
The incident with R0AR contributes to ongoing security concerns in the DeFi space. The swift response and containment efforts have differentiated its handling from other cases of smart contract vulnerabilities.
