THORChain has been once again schooled by hackers who managed to take a further US$8 million in this latest attack, bringing the total losses to US$13 million for the month. The cross-chain crypto token exchange platform manages US$100 million in funds.
The “helpful” hackers were kind enough to leave a note explaining THORChain’s weaknesses and cautioned that the result could have been far more damaging had they gone for the vault (BTC, ETH and BNB). They added:
“Do Not Rush Code That Controls 9 Figures”
About the Exploit
THORChain stated that a hacker (or hackers) deployed a custom contract that was able to trick its Bifrost Protocol into receiving a deposit of fake assets, duping the network to mistakenly process refunds of real assets back to the hacker. The breach was a highly “sophisticated attack” and the hacker has requested a bounty of 10 percent of the funds stolen for services rendered.
The network has responsibly ceased operating until the code can be reviewed and deemed secure before launching again. A harsh and expensive lesson, perhaps, but events such as this are part and parcel of DeFi (decentralised finance) as the space is still in its infancy in the untamed wild west.
There were really only two options. Launch and accept the risk of issues, or not launch and stay in the 90 percent complete audit-review cycle for another six months. Both are difficult.Thorchain spokesperson
Earlier this month, THORChain lost US$4.9 million in Ethereum drained in a previous attack. Daniel Kim, head of capital markets at Maple Finance, said: “There’s a constant battle for these smart contract securities firms to keep up with hackers. That said, the DeFi industry is still nascent … these issues lead to solutions.”
The price of $RUNE fell 17 percent on the day as a result. It had been trading as high as US$20 in May, though the current value is bouncing around the US$4 mark, down over 80 percent from its peak.
Disclaimer: The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.