Thorchain suffers $8 million loss by hacker wanting to 'teach lesson'

Quick Take

  • Cross-chain swap platform Thorchain has been hit by an $8 million hack, its third in a month.
  • But this time, the hacker wanted to teach a lesson — as the attack could have been far worse.

Thorchain has been exploited for the third time in a month, bringing total losses to around $13 million. The platform, which looks after $100 million in funds, is designed for exchanging crypto tokens across different blockchains.

In this attack, the platform was exploited for $8 million as the hacker was able to trick the network into thinking they had deposited a range of funds, when they hadn’t, and then somehow getting a refund. But the hacker made sure to leave a note explaining that the attack could have been much more damaging.

In the input data field for one of the transactions, the hacker wrote that they could have taken further coins including bitcoin (BTC), ether (ETH) and BNB. They said there were multiple critical issues and they “wanted to teach lesson (sic) minimizing damage.” 

“Do not rush code that controls 9 figures,” they added.

Thorchain acknowledged that it had suffered a “sophisticated attack” and that the hacker knowingly limited its impact. It said that the hacker requested a 10% bounty of the stolen funds and that the treasury has the money to cover the exploit. But it added that now's the “time to slow down.”

Thorchain said that it plans to keep the network halted for now as it reviews the code. Then it will restore solvency (which could include paying the bounty). Once everyone is satisfied with the security of the network, it will be restarted. It hasn't given specific dates for when each stage will happen.

Prior to this attack, Thorchain suffered a relatively minor $140,000 incident in late June and a $5 million hack just a week ago.

The price of thorchain (RUNE) has continued to slide, down 17% today. It has fallen further from its peak of $20.30 in May to its current value of $3.85 — down 81% over this time period.

How this affects ShapeShift

On a related note, Thorchain is one of the main technologies used by ShapeShift — a service for swapping tokens that plans to go fully decentralized. During this move, it will become more dependent on technologies such as Uniswap and 0x for Ethereum-based trades.

In a recent interview prior to this exploit, ShapeShift CEO Erik Voorhees told The Block — in reference to Thorchain’s $5 million hack — “It's certainly concerning.” But he argued that the network is in an experimental phase, kind of like a beta version, but with real money. So it’s no surprise that it has faced some issues.

Voorhees said, “I don't want to sugarcoat it. That's not good. And there were mistakes made there. But ultimately, these systems just have to iterate and improve and become more resilient by being out in the wild.”

For more breaking stories like this, make sure to subscribe to The Block on Telegram.

© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Related Reading

Get Your Crypto
Daily Brief

Delivered daily, straight to your inbox.

TRON USDC now available

Delivering on a vision for an interoperable global standard for dollar digital currency, Circle and TRON have partnered to make USD Coin (USDC) available on the TRON blockchain, which has grown to more than 56 million accounts and nearly 2.5 billion transactions since its founding just four years ago. TRON is home to a broad ecosystem for digital assets in Asia and around the world, and the TRON community can now benefit from easy access to the world's fastest-growing, regulated dollar digital currency. 
Read Full Story
Sponsored Post

Layer-1 Platforms: A Framework for Comparison

The Block Research was commissioned by Algorand to create Layer-1 Platforms: A Framework for comparison, which provides a “look under the hood” at seven platforms: Algorand, Avalanche, Binance Smart Chain, Cosmos, Ethereum/Ethereum 2.0, Polkadot, and Solana. We assess their technical design, related ecosystem data, and qualitative factors such as key ecosystem members to get an understanding of how they differ. Having done this analysis, we draw some insights for what the future of the broader smart contract landscape could look like for years to come. 
Read Full Story
Aug 11, 2021, 5:18PM UTC