bitcoinexchangeguide.com
Decentralized exchange (DEX) Thorchain suffered a “sophisticated” attack that led to a loss of about $8 million just a week after being exploited for $5 million. This year alone, the exchange has been attacked three times. This time, the attack was on the ETH Router, and a whitehat hacker deliberately limiting their impact. As a result, the network halted the ETH Router until it could be peer-reviewed by audit partners on priority. The exchange announced that liquidity providers (LPs) in the ERC-20 pools would be subsidized. “Thorchain has had a horrible month, not going to sugar coat it. Bleh. The project needs to slow down. Time to take the tortoise strategy. Regardless, I remain a committed supporter and am glad these issues are being discovered during chaosnet,” said Erik Voorhees, CEO of cryptocurrency exchange ShapeShift, which recently announced the dissolution of the company to become a DAO. The team said the plan is to keep the network chain halted and review all chain clients internally and externally. Once solvency is restored and everyone is satisfied, then restart it. Thorchain further assured from Twitter that no loss had been suffered by LPs to date, with the treasury bearing the burden. The team noted that while a painful lesson, “that's what was chosen when Chaosnet was launched.” [blockquote_with_author name="Erik Voorhees" position="CEO of ShapeShift"] “To be fair here, ultimately, the real test always has to happen in public, with real money involved. Everything else is just playing. No public money has been lost, as the treasury of the project is covering these hacks. That doesn't mean it's okay, though.” [/blockquote_with_author] https://twitter.com/THORChain/status/1418496276476301312 Thorchain further shared on Twitter that it will be awarding the whitehat hacker the requested 10% bounty if they reach out, which they encourage them to do so. According to a message shared in the project’s Discord, the hacker claimed to have deliberately minimized the exploit to teach Thorchain a lesson, saying they could have stolen Bitcoin (BTC), Ether (ETH), Binance Coin (BNB), Lycancoin, and many BEP-20 tokens if they had wanted to. [coin_stats_table symbol="BTC"][coin_stats_table symbol="ETH"][coin_stats_table symbol="BNB"] The hacker further said they found “multiple critical issues” and that a 10% bug bounty could have prevented the incident. “Do not rush code that controls nine figures,” the hacker said, “Disable until audits are complete.” In April, Thorchain finally launched its multi-chain Chaosnet after three long years of development.
“The complexity of the state machine is currently its Achille's heel, but this can be solved with more eyes on, as well as a re-think in developer procedures and peer-review.”
This hack resulted in RUNE’s price dropping 26.5%, recovering to about $4, down 82% from its May peak of nearly $21. [deco-beg-single-coin-widget coin="RUNE"]