Cross-chain DeFi protocol ThorChain suffered an exploit in the early hours, resulting in the loss of $8 million.
At present, details of the incident are still under investigation. However, the developers believe this to be a “whitehat” attack, meaning it was done to highlight security vulnerabilities. As such, the team is hopeful that the funds will be returned.
Nonetheless, as the second such attack in a week, serious questions are being asked over the safeguards in place.
ThorChain under fire
According to ThorChain, the attack centered on exploiting a vulnerability in the “ETH Router.”
“THORChain has suffered a sophisticated attack on the ETH Router, around $8m. The hacker deliberately limited their impact, seemingly a whitehat. ETH will be halted until it can be peer-reviewed with audit partners, as a priority. LPs in the ERC-20 pools will be subsidised.”
The ETH Router controls the movement of Ethereum-based tokens through ThorChain’s cross-chain decentralized exchange.
Earlier this month, ThorChain published an article titled “Post-mortem: ETH Router Upgrade,” in which they detailed the discovery of an ETH Router vulnerability by a whitehat hacker.
The piece says the bug relates to ERC-777 tokens, which allow more complex functions than standard ERC-20 tokens: a “hook” brings a secondary deposit into the router. This vulnerability lets an attacker “double dip” and be credited with more than they should be.
After the discovery of the bug, ThorChain said they issued a patch to upgrade the router.
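The following Python model is an added illustration of the “double dip” described above, not code from ThorChain or from the original article. It assumes a router that credits each deposit by the change in its own token balance, and it shows a generic reentrancy guard as the hardened form; all class and function names are hypothetical, and the article does not say how the actual patch works.

```python
ROUTER = "router"

class Reentered(Exception):
    """Models the revert raised by a reentrancy guard."""

class HookToken:
    """Toy ERC-777-style token: runs the sender's hook before moving funds."""
    def __init__(self, balances):
        self.balances, self.hooks = dict(balances), {}

    def transfer_from(self, sender, recipient, amount):
        hook = self.hooks.get(sender)
        if hook:
            hook(amount)                  # control passes to the sender here
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount

class Router:
    """Assumed design: credits a deposit by the change in its own balance."""
    def __init__(self, token, guarded):
        self.token, self.guarded = token, guarded
        self.locked, self.credited = False, {}

    def deposit(self, sender, amount):
        if self.guarded and self.locked:
            raise Reentered("deposit re-entered")
        self.locked = True
        try:
            before = self.token.balances.get(ROUTER, 0)
            self.token.transfer_from(sender, ROUTER, amount)
            received = self.token.balances[ROUTER] - before
            self.credited[sender] = self.credited.get(sender, 0) + received
        finally:
            self.locked = False

def simulate(guarded):
    """Return (amount credited to the user, tokens the router really holds)."""
    token = HookToken({"user": 100})      # constructed sample balance
    router = Router(token, guarded)
    pending = [10]                        # the hook makes one nested deposit
    def hook(amount):
        if pending:
            router.deposit("user", pending.pop())
    token.hooks["user"] = hook
    try:
        router.deposit("user", 10)
    except Reentered:
        pass                              # the whole call reverts, nothing moved
    return router.credited.get("user", 0), token.balances.get(ROUTER, 0)
```

Without the guard the outer deposit's balance delta also counts the nested deposit, so the credited amount exceeds what the router holds; with the guard the nested call reverts the whole deposit.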
The precise details of this latest attack haven’t yet been disclosed. However, it’s discouraging to learn that the ETH Router, which they supposedly upgraded, was the point of vulnerability.
The attacker left a message saying they could have taken more than they did. According to ThorChain, the attacker requested a 10% bounty, which the team is willing to pay.
In response, the firm said it had halted the ETH Router pending a review by audit partners.
$5 million also lost earlier this month
Just over a week ago, ThorChain suffered an attack in which hackers stole $5 million, a total of 2,500 Ether.
This attack was an exploit of the Bifröst Protocol, which ThorChain uses for the purposes of cross-chain compatibility.
In assessing the attack, ThorChain said the attacker had managed to trick Bifröst using a “custom wrapper contract.” This allowed them to withdraw funds without sending any in the first place.
The frequency of attacks on the ThorChain network has raised concerns within the crypto community about its viability. Nonetheless, ThorChain remains defiant in saying this won’t break the project or change its vision.
The post DeFi darling ThorChain (RUNE) suffers $8m hack, its second in a week appeared first on CryptoSlate.