Thorchain is a popular defi protocol that has been breached twice in the past two weeks, causing losses of more than $10,000,000. The hacker responsible for the latest exploit left a message detailing what measures should be taken to protect users.
Hackers return to the scene to teach security
In another blow Cable chain Protocol, the defi network found itself the victim of another hack after the equivalent of 4,000 attacks Ethereum (ETH) It was stolen a few days ago. Thorchain features automated market makers (AMM) and decentralized exchanges (dex), and is known for its liquidity pool. The total value lock (TVL) is currently approximately $1017.5 million.
This time, the attack was against Ethereum The router contract for Thorchain Bifrost components resulted in a loss of more than $8 million in the agreement. According to the hacker behind this move, the vulnerability was known before the most recent attack and was completely preventable.
When using Solidity, the Ethereum smart contract coding language used in the agreement, the programmer recommends that developers not use certain coding methods to transfer funds. However, the responsible team allegedly ignored this, which caused problems in the protocol’s native RUNE token contract code.
The hacker behind the attack did not leave the crime scene quickly. Instead, the malicious actor left a message that effectively controlled the protocol. In the tx input data, the hacker pointed out the following points:
The hacker disclosed all the steps required to exploit the vulnerability, emphasizing that the agreement decided not to issue bounties or hire an auditor to check the code that currently monitors 9-digit TVL. Although the protocol developers initially believed that the hacking only cost them $800,000 and was the work of a white hat hacker, they actually stole the following amounts:
- 966.620 ACLX
- 20,866,664,530 XRUNE
- 1,672,794,010 USDC
- 56,104.000 Sushi
- 6,910 YFI
- 990,137.460 USDT
RUNE tokens continue to fall after falling by nearly 25% after the violation, and the current token trend is about $4.17. Although Thorchain has issued a recovery plan to recover the funds users lost due to the attack, the more important development is the decision to hire a security company to audit the code and protect the defi protocol from future preventable attacks.
What do you think of this “honest hacker”? Let us know in the comments section below.
Image Source: Shutterstock, Pixabay, Wikimedia Commons
Disclaimer: This article is for reference only. It is not a direct offer or invitation to buy or sell, nor is it a recommendation or endorsement of any product, service or company. Bitcoin Network Does not provide investment, tax, legal or accounting advice. The company or the author shall not bear direct or indirect responsibility for any damage or loss caused or claimed to be caused by using or relying on any content, goods or services mentioned in this article.