Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
R0AR has been exploited, with total losses amounting to approximately $780K. According to analysis by the SlowMist security team, the root cause of the exploit was the presence of a backdoor in the contract. During deployment, the R0ARStaking contract altered the balance (user.amount) of a specified address by directly modifying storage slots. Subsequently, the attacker extracted all funds from the contract through an emergency withdrawal function. R0AR stated in a tweet: “At this stage, we do not believe this to be an external exploit. One nefarious developer, external to the R0AR core team, is seemingly behind the drain. They have been removed from the project with all accesses revoked.” Attack method (per SlowMist): Insider Manipulation. Reported loss: $ 780,000.
- chain
- —
- protocol
- R0AR
- bug_class
- access-control
- date_occurred
- 2025-04-16
- loss_usd
- $780,000
- source_id
- sm:r0ar::2025-04-16