A Hattrick of Attacks: Thorchain (RUNE) Exploited, Yet Again, for $8 Million

Decentralized exchange (DEX) Thorchain suffered a “sophisticated” attack that led to a loss of about $8 million just a week after being exploited for $5 million. This year alone, the exchange has been attacked three times.

This time, the attack was on the ETH Router, and a whitehat hacker deliberately limiting their impact.

As a result, the network halted the ETH Router until it could be peer-reviewed by audit partners on priority. The exchange announced that liquidity providers (LPs) in the ERC-20 pools would be subsidized.

“Thorchain has had a horrible month, not going to sugar coat it. Bleh. The project needs to slow down. Time to take the tortoise strategy. Regardless, I remain a committed supporter and am glad these issues are being discovered during chaosnet,” said Erik Voorhees, CEO of cryptocurrency exchange ShapeShift, which recently announced the dissolution of the company to become a DAO.

The team said the plan is to keep the network chain halted and review all chain clients internally and externally. Once solvency is restored and everyone is satisfied, then restart it.

Thorchain further assured from Twitter that no loss had been suffered by LPs to date, with the treasury bearing the burden. The team noted that while a painful lesson, “that’s what was chosen when Chaosnet was launched.”

THORChain gives its LPs the First Class treatment.

– Insures their funds
– Pays them block rewards whilst the network is halted

There’s nothing quite like it.

— THORChain (@THORChain) July 23, 2021

Thorchain further shared on Twitter that it will be awarding the whitehat hacker the requested 10% bounty if they reach out, which they encourage them to do so.

According to a message shared in the project’s Discord, the hacker claimed to have deliberately minimized the exploit to teach Thorchain a lesson, saying they could have stolen Bitcoin (BTC), Ether (ETH), Binance Coin (BNB), Lycancoin, and many BEP-20 tokens if they had wanted to.

BTC 1.09%

Bitcoin / USD
BTCUSD

$ 32,609.33

$355.44
1.09%

Volume 20.07 b


Change $355.44


Open $32,609.33


Circulating 18.76 m


Market Cap 611.9 b

7 h
Bitcoin Depot Deploys Over 700 Crypto ATMs Across Circle K Stores


8 h
AAVE Reveals its TradFi Arm, Aave Arc, Which Will Be Governed by its Token Holders


8 h
A Hattrick of Attacks: Thorchain (RUNE) Exploited, Yet Again, for $8 Million

ETH 1.28%

Ethereum / USD
ETHUSD

$ 2,044.61

$26.17
1.28%

Volume 14.94 b


Change $26.17


Open $2,044.61


Circulating 116.81 m


Market Cap 238.84 b

6 h
Ethereum Draws Closer to PoS Migration With EIP-3675 Launching on GitHub


7 h
Reddit Is Building on Ethereum Scaling Solution Arbitrum


8 h
AAVE Reveals its TradFi Arm, Aave Arc, Which Will Be Governed by its Token Holders

BNB -1.80%

Binance Coin / USD
BNBUSD

$ 289.13

-$5.20
-1.80%

Volume 1.74 b


Change -$5.20


Open $289.13


Circulating 168.14 m


Market Cap 48.61 b

8 h
A Hattrick of Attacks: Thorchain (RUNE) Exploited, Yet Again, for $8 Million


1 w
Investors Seeking Diversification in Crypto with Multi-Asset Products Recording Largest Inflows: CoinShares Report


1 w
Ethereum Scaling Solutions Continue to Record User Growth in Ongoing Boring Market Condition

The hacker further said they found “multiple critical issues” and that a 10% bug bounty could have prevented the incident.

“Do not rush code that controls nine figures,” the hacker said, “Disable until audits are complete.”

In April, Thorchain finally launched its multi-chain Chaosnet after three long years of development.

“The complexity of the state machine is currently its Achille’s heel, but this can be solved with more eyes on, as well as a re-think in developer procedures and peer-review.”

This hack resulted in RUNE’s price dropping 26.5%, recovering to about $4, down 82% from its May peak of nearly $21.

The post A Hattrick of Attacks: Thorchain (RUNE) Exploited, Yet Again, for Million first appeared on BitcoinExchangeGuide.