Rho Markets attacker offers to return funds, says incident not a hack

Blockchain sleuth ZachXBT says the attacker who took funds from Scroll-supported lending protocol Rho Markets is willing to return all funds.

Specifically, the attacker has written an on-chain message committing to returning all funds, claiming theirs wasn’t an exploit or hack. In a post after the incident, blockchain investigator ZachXBT noted that the attacker appeared to be a grey or white hat and that the funds could be recovered. The exploiter has a lot of exposure on centralized exchanges, ZachXBT noted.

Not long after, the attacker communicated with Rho via an on-chain message.

The message read:

‘Our MEV bot has profited from a configuration error in Rho Markets’ price oracle. We understand these funds belong to users and are willing to return them in full. However, we first want you to acknowledge that this was not an exploit or hack, but a configuration mistake on your part. Additionally, please inform us of the measures you will take to prevent such incidents in the future,” they wrote.

Rho Markets pauses platform amid investigation

Earlier on Monday, blockchain security firm Cyvers Alerts noted that Rho Markets had suffered an attack that impacted the protocol’s USDC and USDT pools.

From the incident, the attacker managed to move $7.6 million in user funds, with these held on several chains.

Rho and Scroll, an Ethereum Layer 2 protocol, confirmed the attack, noting “unusual activity. As they commenced investigations, the Rho Markets team announced a pause to the network.

“The platform functions will be enabled again once everything returns to normal. Thank you for your understanding and patience,” Rho Markets wrote.