THORChain loses up to $7.6M in ‘Chaosnet’ exploit, offers hacker a bounty to return funds

Published at: July 16, 2021

Popular cross-chain decentralized exchange THORChain has suffered a multi-million-dollar breach.

Estimates as to the scale of the damage vary, with THORChain revising the initial estimate that 13,000 Ether (ETH) (worth $25.1 million) had been stolen, bringing the total down to 4,000 ETH (roughly $7.6 million) as a ballpark for damages. A subsequent community-provided rundown of stolen assets suggests the figure is closer to $6 million.

At this stage the estimate is around ~4000 ETH worth of assets (ETH/ERC20) was taken, not 13k ETH. More detailed assessment and recovery steps will be announced soon. The users who suffered (LPs) will be made whole in the coming weeks. https://t.co/LR2x8VZ2kx

— THORChain #ACTIVATETHESYNTHS⚡️ (@THORChain) July 15, 2021

In the THORChain community Telegram channel, administrators have indicated the project has the funds needed to cover users’ stolen assets but articulated a preference for the hacker to return the stolen funds in exchange for a bug bounty.

“While the treasury has the funds to cover the stolen amount, we request the attacker get in contact with the team to discuss return of funds and a bounty commensurate with the discovery,” a Telegram post stated, adding that user funds “will be available when the issue has been patched & the network resumes.”

THORChain has since tweeted that its preliminary roadmap to recovery is underway, announcing that after the vulnerability is patched and the network is restarted, Ether will be donated to liquidity provider pools to reimburse impacted users. From there, the team plans to engage security firms to have its contracts audited.

As of this writing, the THORChain network remains halted.

This is a disappointing moment for all, but LPs and Nodes should be unaffected after all is recovered (the funds will be restored). The network will be stronger and more resilient.

— THORChain #ACTIVATETHESYNTHS⚡️ (@THORChain) July 16, 2021

Blockchain cybersecurity firm Halborn Security is compiling a proposal to the THORChain community for “Advance Persistent Protection,” offering up a team of up to half a dozen “ethical security engineers working to break every update on Thorchain.”

Related: A RUNE with a view: How smart crypto traders caught a 48% price pump

THORChain entered into its guarded “Chaosnet” launch during April, facilitating cross-chain swaps across the Bitcoin, Ethereum, Litecoin, Bitcoin Cash and Binance Chain networks.

DeFi Watch founder Chris Blec said the staged “raise the caps” launch of THORChain had prevented an even greater loss of funds.

Keep in mind - THORchain has been responsibly using a guarded launch approach to its rollout. This exploit could have been *much worse* if they had just recklessly launched without caps on its liquidity pools.

— Chris Blec (@ChrisBlec) July 15, 2021

Today’s attack is not the first time THORChain has been targeted by hackers during its Chaosnet deployment, with the protocol losing at least $140,000 worth of assets last month.

Tags
Altcoin
Cryptocurrencies
Defi
Hacks
Decentralized Exchange
Related Posts
DeFi isn’t dead, it just needs to fix these 3 critical problems
The persistent challenges faced by decentralized finance have been well documented by a handful of analysts and the recent collapse of the Terra ecosystem re-enforced the fact that something is critically wrong with DeFi. I think DeFi today is completely broken for 99% of the population. The promise of a more transparent financial system has been overtaken by greed. UST/LUNA is just the latest in a string of bad developments: — Peter Yang (@petergyang) May 11, 2022 Let's take a look at what experts say DeFi needs to do to have another revival. Improved usability To date, the promise of …
Adoption / May 31, 2022
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
Here are 6 DEX tokens that have seen exponential growth in 2021
DeFi has steadily grown in prominence over the past year thanks in large part to the strong foundations established by decentralized exchanges (DEX) that enable easy access to the latest tokens and projects. While there have been previous iterations of DEX user interfaces, such as IDEX or Etherdelta, it wasn’t until Uniswap launched that trading in the DeFi network really took off and facilitated the launch of the finance tokens. Here are six of the top-performing tokens in the decentralized finance sector. UNI/USDT Uniswap has risen from the humble beginnings of a simple user interface that allowed for a token …
Markets / Feb. 27, 2021
Today's biggest crypto gainers: Why REQ, MFT and KEY rallied over 20%
Cryptocurrency bulls continued to face stiff headwinds headed into the week of March 14 that began with a vote in Europe about whether or not to outlaw proof-of-work cryptocurrencies, which was ultimately rejected. Despite these pressures, however, several cryptocurrency projects have managed to post gains in excess of 20% on Monday thanks to new partnerships and protocol updates. Data from Cointelegraph Markets Pro and TradingView shows that the biggest gainers over the past 24-hours were Request Network (REQ), Hifi Finance (MFT) and Selfkey (KEY). Metaverse payments with Request Network Request Network (REQ) is an Ethereum-based decentralized payment system that allows …
Markets / March 14, 2022
Gnosis (GNO) price rallies 50%+ after CowSwap users claim COW airdrop
This week Gnosis (GNO) price notched a swift 50%+ rally after the project took another step forward in its transition to the Coincidence of Wants Procotol, or CoW, an interface that offers traders protection from miner extracted value (MEV). Data from Cointelegraph Markets Pro and TradingView shows that the price of GNO has gained 86% over the past seven days, rising from a low of $308 on March 21 to an intraday high at $574 on March 28. Three reasons for the rapid price increase for GNO include the release of the CowSwap (COW) token which was airdropped to Gnosis …
Markets / March 29, 2022