THORChain had a rough month. The popular decentralized liquidity protocol has reportedly lost $8 million worth of Ether [ETH] in yet another exploit. The perpetrators now claim that they intentionally minimized the damage to teach THORChain a lesson.
This is the third time that the platform had suffered an exploit of multi-million dollars. However, the latest attacks seem to have been carried out by a white-hat hacker because they claimed to have made less impact than they could have done.
The team behind THORChain announced on Twitter that the perpetrator had carried out a “sophisticated attack” earlier this morning who used their own contract to trick the protocol’s Bifröst protocol into receiving a deposit of fake assets without adding any funds to the protocol.
THORChain has suffered a sophisticated attack on the ETH Router, around $8m. The hacker deliberately limited their impact, seemingly a whitehat.
ETH will be halted until it can be peer-reviewed with audit partners, as a priority.
LPs in the ERC-20 pools will be subsidised.
— THORChain (@THORChain) July 23, 2021
The hacker appears to be sympathetic towards the platform claiming that they could have siphoned off more than $8 million. A screenshot made rounds showing a message in one of the transaction’s input data that alleged THORChain was riddled with multiple critical issues that needed to be fixed.
“Could have taken ETH, BTC, LYC, BNB, and BEP20s if waited Wanted to teach lesson minimizing damage. Multiple critical issues. 10% VAR bounty would have prevented this. Disable until audits are complete. Audits are not a nice to have. Do not rush code that controls 9 figures.”
THORChain: What now?
A back-to-back run of exploits on THORChain has amplified the impact of the latest attack. Since the first incident, several blockchain security companies have been tasked with locating bugs in a given network.
The project will return stronger, meaner and badder. Happy to earn the stripes.
Automatic solvency and safety checks, love monitoring and more.
The finish line is close. We can all see it. Let's get it. $RUNE
— THORChain (@THORChain) July 23, 2021
The exchange conceded that it plans to keep the network chain halted while reviewing all chain clients both internally and externally and also work towards restoring solvency and restart the network once “everyone [is] satisified.” In addition to that, THORChain also revealed its next steps to team up with liquidity provider, Nine Realms on a continual Bounty Program, and the New York-based blockchain cybersecurity provider, Halborn on Red Team Ops, and complete all ongoing audits.
It had also tweeted,
“A lot of people seem to want to see THORChain fail. This is quite sad. But for anyone involved, it’s clear the network is “99% there”. A solid month or two of audit-review is the focus to achieve 99.99% [nothing is perfect].”
RUNE crashes again
Similar to the prior attacks, RUNE shed significant gains this time as well. The native token of THORChain crashed by 16.71% over the past 24-hours and was currently trading at $3.7.
