Possible ‘white hat hacker’ exploits THORChain for $8M, proposes 10% bounty

The white hat hacker claims to have mercifully minimized the damage of their $8 million exploit in a bid to teach THORChain a lesson.

Cross-chain decentralized exchange THORChain has suffered its second multimillion-dollar hack in as many weeks, with $8 million worth of Ether impacted.

However, the attack appears to have been carried out by a white hat hacker, with THORChain announcing the perpetrator had requested a 10% bounty. ETH will be halted until the code has been audited.

Liquidity providers impacted by the exploit will be subsidized using the project’s treasury funds.

The exchange — which is still in the middle of a staged beta launch called Chaosnet — conceded that the “complexity” of its state machine comprises THORChain’s “Archille’s heel,” however asserted that its issues “can be solved with more eyes on, as well as a re-think in developer procedures and peer-review.”

A screenshot shared from the project’s Discord forum appears to show a message forwarded to the project by the hack via transaction data.

The hacker claims they deliberately minimized the damage from the exploit in a bid to teach THORChain a lesson, stating: “Do not rush code that controls 9 figures,” and “Disable until audits are complete.”

The hacker adds that they could have stolen Ether, Bitcoin, Binance Coin, Lycancoin, and many BEP-20 tokens if they had wanted to, asserting that “multiple critical issues” were found and that a 10% bug bounty could have prevented the incident.

On July 16, Cointelegraph reported that THORChain had been halted after 4,000 Ether worth $7.6 million was drained from the protocol. The protocol unsuccessfully proposed a bug bounty to the hacker in exchange for returning the stolen funds.

Related: ChainSwap announces compensation and ‘deep audit’ plan after $8M exploit

The decentralized exchange also lost $140,000 in a separate exploit suffered last month.

THORChain entered into its guarded “Chaosnet” launch in April, enabling cross-chain swaps across the Bitcoin, Ethereum, Litecoin, Bitcoin Cash, and Binance Chain networks.

Publication date: 
07/23/2021 - 03:11
Author: 
Disclaimer

The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.