‘White hat hacker’ exploits THORChain’s ‘Achilles heel’ to the tune of $8M

‘White hat hacker’ exploits THORChain’s ‘Achilles heel’ to the tune of $8M

Cryptocurrencies such as Bitcoin, Ether, and hundreds of others are hot commodities in online trading, and a smart investor can make a big profit from them. However, the prospect of quick riches can blind some people to the risks and enable crooks to lure them into scams. Consider the DeFi space, for instance. Around $120 million worth of assets were looted from DeFi platforms in 2020 alone, and this year is no different.

THORChain, a popular blockchain protocol built on Cosmos, the so-called “Internet of blockchains,” is trending on Twitter after the cross-chain decentralized exchange suffered yet another exploit, amounting to around $8 million at the time of writing. Notifying its followers about the said attack, THORChain also highlighted some crucial developments post the said hack.

Apparently, the said attack was carried out by a “white hat hacker” who made an interesting demand (“request”).

The whitehat requested a 10% bounty – which will be awarded if they reach out, and they should be encouraged to do so. It is a tough time for the community and project, and the pain is real. The treasury has the funds to cover, but it's time to slow down. — THORChain (@THORChain) July 23, 2021

Needless to say, ETH transactions have been halted until the code is audited again. Curiously, as per a screenshot shared on the project’s Discord forum, the hacker in question was quick to leave behind a message too. It read,

The timing of the present incident is interesting, especially since it came soon after another exploit had affected THORChain last week. In fact, following the latter, THORChain had assured its users that the platform had been audited by multiple blockchain security companies which were given the task of locating bugs in the given network.

It’s worth noting, however, that optimism among community members remains high, with the project keen to press ahead. According to THORChain,

“There were only two options. Launch and accept the risk of issues, or not launch and stay in the 90% complete audit-review cycle for another 6 months. Both are difficult.”

Concluding that the “network is 99% there,” THORChain added,

“There’s no alternative other than pressing ahead. The outcome is worth believing in.”

With THORChain working on its staged beta launch – Chaosnet – the team behind the project was also quick to reiterate that while “nothing’s perfect, the complexity of the state machine is currently the Achilles heel.”

“… but this can be solved with more eyes on, as well as a re-think in developer procedures and peer-review.”

Needless to say, many in the community expressed their disappointment. However, Daniel Kim, Head of Capital Markets at Maple Finance believes,

“There’s a constant battle for these smart contract securities firms to keep up with hackers, that said, the DeFi industry is still nascent … these issues lead to solutions.”

(function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[1]='MERGE1';ftypes[1]='text';fnames[0]='MERGE0';ftypes[0]='email';}(jQuery));var $mcj = jQuery.noConflict(true);

Share your thoughts, add a comment!

You must be logged in in order to place a comment.

Article comments

No comments yet, be the first to comment this article