Blockchain security firm PeckShield reported that the staking contract of decentralized finance (DeFi) platform R0AR was compromised, resulting in the loss of approximately 493.7 ETH—valued at around $790,000 at the time of the incident.
According to Web3 security provider Cyvers, the attacker deployed a malicious contract a day before the exploit occurred. By depositing a minimal amount—commonly referred to as “dust”—the attacker was able to exploit a vulnerability in the contract’s `emergencyWithdraw()` function, which ultimately led to the unauthorized outflow of funds.
ALERTOur system has detected a suspicious transaction involving @th3r0ar on $ETH chain.
The 1ROR/WETH pool was deployed on Ethereum with staking rewards.
Our system detected a malicious contract one day before the attack was executed.
The attacker deposited a dust amount and… pic.twitter.com/MobVYmAthe
— Cyvers Alerts (@CyversAlerts) April 16, 2025
Further analysis shows that the exploiter moved the stolen assets through several intermediary wallets and routed a portion of the funds through Tornado Cash, a privacy-focused protocol used to obfuscate transaction traces.
SlowMist, another blockchain security firm, conducted a separate investigation and identified the root cause as a backdoor embedded within the R0ARStaking contract. During the contract’s deployment, a specific address’s balance was directly manipulated via storage slot modification. This allowed the attacker to later withdraw the full balance using the emergency withdrawal mechanism.
SlowMist Security Alert
The root cause of the @th3r0ar exploit was the presence of a backdoor in the contract
During deployment, the R0ARStaking contract altered the balance (user.amount) of a specified address by directly modifying storage slots. Subsequently, the attacker… pic.twitter.com/ttGgVB730B
— SlowMist (@SlowMist_Team) April 16, 2025
As of the current writing, R0AR has not issued any public statements addressing the breach or detailing potential next steps for affected users.
R0AR: What Is It?
R0AR is a decentralized finance (DeFi) platform developed to provide a secure, transparent, and cost-effective environment for a wide range of users, including cryptocurrency traders, DeFi enthusiasts, and decentralized application (dApp) developers. The platform is designed to support essential DeFi activities such as token trading, yield farming, and NFT storage, while prioritizing user privacy by eliminating the need to surrender private keys.
With an emphasis on usability, R0AR aims to deliver a mobile-optimized experience, positioning itself as a central hub within the broader R0AR token ecosystem. The platform incorporates multiple features, including staking, trading of ERC-20 tokens, and interaction with non-fungible tokens.
Through components like the R0AR Society NFTs and its native token R0AR, it enables users to access staking options, token exchanges, and exclusive reward opportunities tailored to its community.
The post Security Breach Hits R0AR Staking Contract, $790K In ETH Drained Via Malicious Exploit appeared first on Metaverse Post.
