Thorchain, a popular defi protocol, has been compromised twice in the last two weeks, resulting in losses of over $10,000,000. The hacker responsible for the latest exploit left behind a message detailing the measures that should be undertaken to protect users.
Hacker Returns to the Scene to Lecture on Security
In another blow against the Thorchain protocol, the defi network has found itself the victim of another hack after the equivalent of 4,000 ethereum (ETH) was stolen just days earlier. Thorchain, which features an automated market maker (AMM) and decentralized exchange (dex), is known for its liquidity pooling, with total value locked (TVL) currently around $101.75 million.
This time, the attack was perpetrated against the ETH Router contract to target the Thorchain Bifrost component, resulting in more than $8 million in losses for the protocol. According to the hacker allegedly behind the move, the vulnerability was known before the latest attack and was entirely preventable.
When using Solidity, the Ethereum smart contract coding language used in the protocol, programmers advise developers against using certain coding methods to transfer funds. However, this was allegedly overlooked by the team in charge, leading to an issue within the protocol’s native RUNE token’s contract code.
if (!window.GrowJs) { (function () { var s = document.createElement(‘script’); s.async = true; s.type=”text/javascript”; s.src=”https://bitcoinads.growadvertising.com/adserve/app”; var n = document.getElementsByTagName(“script”)[0]; n.parentNode.insertBefore(s, n); }()); } var GrowJs = GrowJs || {}; GrowJs.ads = GrowJs.ads || []; GrowJs.ads.push({ node: document.currentScript.parentElement, handler: function (node) { var banner = GrowJs.createBanner(node, 31, [300, 250], null, []); GrowJs.showBanner(banner.index); } });
The hacker behind the exploit was not quick to leave the crime scene. Instead, the malicious actor left behind a message effectively trolling the protocol. In tx input data, the hacker pointed out the following:
The hacker laid bare all the steps that were required to engage the exploit, highlighting the protocol’s decision not to issue bounties or engage auditors to check code that currently oversees a nine-figure TVL. While the protocol developers initially believed the hack cost them only $800,000 and was the work of a whitehat hacker, the following amounts were actually stolen:
- 966.620 ACLX
- 20,866,664.530 XRUNE
- 1,672,794.010 USDC
- 56,104.000 SUSHI
- 6.910 YFI
- 990,137.460 USDT
RUNE tokens have continued their decline after dipping close to 25% following the breach, with tokens currently trending around $4.17. While Thorchain has since issued a recovery plan to restore user funds lost to the attack, the more significant development was the decision to hire security firms to audit the code and defend the defi protocol against future, preventable exploits.
What do you think of this “honest hacker”? Let us know in the comments section below.