Thorchain suffers $8 million loss by hacker wanting to 'teach lesson'

Quick Take

  • Cross-chain swap platform Thorchain has been hit by an $8 million hack, its third in a month.
  • But this time, the hacker wanted to teach a lesson — as the attack could have been far worse.
advertisement

Thorchain has been exploited for the third time in a month, bringing total losses to around $13 million. The platform, which looks after $100 million in funds, is designed for exchanging crypto tokens across different blockchains.

In this attack, the platform was exploited for $8 million as the hacker was able to trick the network into thinking they had deposited a range of funds, when they hadn’t, and then somehow getting a refund. But the hacker made sure to leave a note explaining that the attack could have been much more damaging.

In the input data field for one of the transactions, the hacker wrote that they could have taken further coins including bitcoin (BTC), ether (ETH) and BNB. They said there were multiple critical issues and they “wanted to teach lesson (sic) minimizing damage.” 

“Do not rush code that controls 9 figures,” they added.

Thorchain acknowledged that it had suffered a “sophisticated attack” and that the hacker knowingly limited its impact. It said that the hacker requested a 10% bounty of the stolen funds and that the treasury has the money to cover the exploit. But it added that now's the “time to slow down.”

Thorchain said that it plans to keep the network halted for now as it reviews the code. Then it will restore solvency (which could include paying the bounty). Once everyone is satisfied with the security of the network, it will be restarted. It hasn't given specific dates for when each stage will happen.

Prior to this attack, Thorchain suffered a relatively minor $140,000 incident in late June and a $5 million hack just a week ago.

The price of thorchain (RUNE) has continued to slide, down 17% today. It has fallen further from its peak of $20.30 in May to its current value of $3.85 — down 81% over this time period.

How this affects ShapeShift

On a related note, Thorchain is one of the main technologies used by ShapeShift — a service for swapping tokens that plans to go fully decentralized. During this move, it will become more dependent on technologies such as Uniswap and 0x for Ethereum-based trades.

In a recent interview prior to this exploit, ShapeShift CEO Erik Voorhees told The Block — in reference to Thorchain’s $5 million hack — “It's certainly concerning.” But he argued that the network is in an experimental phase, kind of like a beta version, but with real money. So it’s no surprise that it has faced some issues.

Voorhees said, “I don't want to sugarcoat it. That's not good. And there were mistakes made there. But ultimately, these systems just have to iterate and improve and become more resilient by being out in the wild.”

For more breaking stories like this, make sure to subscribe to The Block on Telegram.


© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Trending Stories

Get Your Crypto
Daily Brief

Delivered daily, straight to your inbox.

Digital asset economy fuels instant settlements innovation

Today the always-on demands of online markets have to be matched with the ability to access opportunities instantly and with no limits. Historically correspondent banks would move large sums of money for those needing to transfer funds while creating bottlenecks of unnecessary friction.
Read Full Story
Sponsored Post

Layer-2 Scaling Solutions: A Framework for Comparison - Commissioned by Polygon

Ethereum had a breakout year in 2021. It’s native asset, ETH’s, market capitalization surpassed $500 billion for the first time. Its network facilitated upwards of $7 trillion value transfer. Non-fungible tokens (NFTs) emerged as another “killer application” that have put its technology on the global stage and caught the attention of the masses.
Read Full Story
May 5, 2022, 3:17PM UTC
More