Thorchain, a popular defi protocol, has been compromised twice in the last two weeks, resulting in losses of over $10,000,000. The latest exploit was discovered by a hacker who left behind a message outlining the steps that users should take to protect themselves.
Hacker Returns to the Scene for a Lecture on Security
In another blow against the Thorchain protocol, the defi network has found itself the victim of another hack after the equivalent of 4,000 ethereum (ETH) was stolen just days earlier. Thorchain, which features an automated market maker (AMM) and decentralized exchange (dex), is known for its liquidity pooling, with total value locked (TVL) currently around $101.75 million.
This time, the attack was perpetrated against the ETH Router contract to target the Thorchain Bifrost component, resulting in more than $8 million in losses for the protocol. The hacker behind the attack claims that the vulnerability was known prior to the attack. This could have been prevented.
Programmers advise developers to avoid certain coding methods when transferring funds using Solidity, an Ethereum smart contract language. This was apparently overlooked by the team responsible, which led to an issue in the contract code for the native RUNE token.
The hacker responsible for the exploit didn’t leave the crime scene quickly. The hacker instead left behind a message that effectively trolled the protocol. The hacker found the following in tx input data:
The hacker revealed all the steps required to exploit the vulnerability. This highlighted the protocol’s decision to not issue bounties and to hire auditors to verify code. It currently has a nine-figure TVL. While the protocol developers initially believed the hack cost them only $800,000 and was the work of a whitehat hacker, the following amounts were actually stolen:
- 966.620 ACLX
- 20,866,664.530 XRUNE
- 1,672,794.010 USDC
- 56,104.000 SUSHI
- 6.910 YFI
- 990,137.460 USDT
RUNE tokens have continued their decline after dipping close to 25% following the breach, with tokens currently trending around $4.17. Thorchain has issued a recovery plan for user funds that were lost in the breach, but the most significant development was Thorchain’s decision to hire security companies to audit the code and protect the protocol from future exploits.
Disclaimer: This article is for informational purposes only. This article is not intended to be a solicitation or offer to buy or sell any products or services. Bitcoin.com does not provide investment, tax, legal, or accounting advice. The author and the company are not responsible for any loss or damage resulting from or related to the use or reliance of any content, goods, or services mentioned here.