THORChain suffered another hack for $8M, exactly six days after the last hack on July 23. The team announced on their Twitter handle that it was a sophisticated attack on the Ether (ETH) router and that the exploit was self-limited, hinting at a whitehat episode, meaning that the hack was executed not by a malicious entity but by someone who merely wanted to claim a bounty right away. The THORChain team further said that the whitehat hacker had requested a 10% bounty, likely around $800K.
The whitehat requested a 10% bounty – which will be awarded if they reach out, and they should be encouraged to do so.
It is a tough time for the community and project, and the pain is real.
The treasury has the funds to cover, but it's time to slow down.
ThorChain Twitter Shenanigans
The Twitter thread further reiterated that the network would be halted until more audits and preventative security measures are in place. THORChain confirmed that the treasury had funds to cover the hack and subsidize the exploit, but it hopes instead that an agreement can be reached with the whitehat hacker. There’s no doubt that THORChain is an extremely complex project, promising direct L1-L1 swaps without relying on any third party or intermediary.
It is not yet clear what exploit was used against the THORChain network, but there are a couple of theories already. PeckShield, responsible for audits on the platform, said that the attack didn’t result from the ETH router as claimed by the THORChain team. They said that the audit for that particular module hadn’t even started yet, and that they had already reported several issues with the protocol.
The response from PeckShield came after the protocol team tried to put the blame on the auditing teams by pointing out that the exploited module had received an audit report from PeckShield, among other teams. There’s little doubt that the protocol will recover and grow stronger from these attacks; however, it must be more cautious in handling such large amounts of crypto-assets locked inside the protocol. The liquidity providers need to be made whole, and the project needs to slow down in rolling out features and assess its position before doing anything else at this point.