Thorchain, a popular DeFi protocol, has been compromised twice in the past two weeks, resulting in losses of over $10,000,000. The hacker responsible for the latest exploit left a message describing the measures that should be taken to protect users.
Hacker returns to the scene for a lecture on security
In another blow to the Thorchain protocol, the DeFi network fell victim to another hack after the equivalent of 4,000 Ethereum (ETH) had been stolen just a few days earlier. Thorchain, which has an automated market maker (AMM) and a decentralized exchange (DEX), is known for its liquidity pooling, with a Total Value Locked (TVL) currently around 101.75 million US dollars.
This time the attack was made against the ETH router contract to target the Thorchain Bifrost component, resulting in a loss of more than $8 million for the protocol. According to the hacker allegedly behind the move, the vulnerability was known before the last attack and was completely preventable.
When using Solidity, the language in which the protocol's Ethereum smart contracts are written, developers are advised against using certain coding methods to transfer funds. However, this was allegedly overlooked by the responsible team, resulting in a problem in the contract code of the protocol’s native RUNE token.
The hacker behind the exploit didn’t leave the scene quickly. Instead, the malicious actor left a message that effectively trolls the protocol. In the tx input data, the hacker pointed out the following:
The hacker disclosed all of the steps required to activate the exploit and highlighted the protocol’s decision not to spend on bounties or to use auditors to review code that currently oversees a nine-figure TVL. While the protocol developers initially believed the hack only cost them $800,000 and was the work of a whitehat hacker, the following amounts were actually stolen:
- 966.620 ALCX
- 20,866,664,530 XRUNE
- 1,672,794.010 USDC
- 56,104,000 SUSHI
- 6,910 YFI
- 990,137,460 USDT
RUNE tokens have continued their decline, falling nearly 25% after the breach, with tokens currently trading at around $4.17. While Thorchain has since issued a recovery plan to recover the user funds lost in the attack, the more important development was the decision to hire security firms to review the code and defend the DeFi protocol against future, preventable exploits.
Disclaimer of liability: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement for any product, service, or company. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author are directly or indirectly responsible for any damage or loss caused or allegedly caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.