The hacker who hacked Thorchain deployed a special smart contract that was able to trick the bridge to the Ethereum network to receive a deposit from fake assets.
According to records on Twitter of the project’s developers, the Thorchain decentralized exchange suffered from another vulnerability. This time, the actions of the hackers cost the site about $ 8 million.
THORChain has suffered a sophisticated attack on the ETH Router, around $8m. The hacker deliberately limited their impact, seemingly a whitehat.
ETH will be halted until it can be peer-reviewed with audit partners, as a priority.
LPs in the ERC-20 pools will be subsidised.
— THORChain (@THORChain) July 23, 2021
The attacker launched a special contract that tricked the Bifrost smart contract – a bridge to the Ethereum network, was able to receive a deposit from fake assets, after which the network processed the transfer of real tokens to the hacker. The developers wrote:
“Thorchain was subjected to a sophisticated attack on the ETH Router, which cost about $ 8 million. The hacker deliberately limited the damage, possibly a“ white hacker ”. ETH transfers will be stopped until the smart contract is reviewed on a priority basis by audit partners. Liquidity providers in ERC-20 pools will receive reimbursement. ”
Subsequently, the initiator of the attack requested a reward of 10%, which will be paid to him if he again contacts the developers.
“This is a difficult time for the community and the project. We have the money to cover the losses, but it’s time to slow down. Thorchain is too important to fail. The complexity of the fortune machine is the Achilles heel of the project. But this is a solvable problem, if you revise the development procedures and expert assessment, ” added
developers.
The main feature of ThorChain is its support for multiple blockchains. Last week, the exchange was hacked and hackers managed to withdraw 4,000 ETH ($ 7.6 million). After the hack, Thorchain claimed to have passed audits by several blockchain security companies to detect bugs and vulnerabilities.
“We had two options. Start up and accept the risk of problems or not start and stay in the 90% complete audit cycle for another six months. Any solution implied complexity, ”says Thorchain.
Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.
