THORChain (RUNE) has suffered another heist in the space of one week. The hackers succeeded in stealing $8 million worth of crypto assets from the decentralized exchange and have suggested a 10 percent bounty, according to a Twitter thread on July 23, 2021.
THORChain Targeted Again
Barely seven days after THORChain, a cross-chain decentralized finance protocol suffered a $7.6 million attack, the platform has been targeted again by hackers but this time, $8 million has been stolen from the decentralized exchange (DEX).
According to a Twitter thread by the THORChain team, the latest $8m hack on its ETH Router seems to have been orchestrated by a whitehat hacker, as the perpetrators deliberately limited the impact of the heist, while also advising the team to implement a 10 percent bounty.
THORChain has suffered a sophisticated attack on the ETH Router, around $8m. The hacker deliberately limited their impact, seemingly a whitehat.
ETH will be halted until it can be peer-reviewed with audit partners, as a priority.
LPs in the ERC-20 pools will be subsidised.
— THORChain #LUNAISCOMING (@THORChain) July 23, 2021
The hacker’s note in the transaction input data reads:
“Could have taken ETH, BTC, LYC, BNB, and BEP20s if waited. Wanted to each [a] lesson on minimizing damage. Multiple critical issues. A 10 percent VAR bounty would have prevented this. Disable [chain] until audits are complete. Audits are not nice to have. Do not rush code that controls 9 figures.”
More Work Needed
While the THORChain team has been working round the clock to patch the bugs in the protocol since the first attack, the latest heist has indeed made it clear to the team that their hard work is not just enough.
Against that backdrop, the team has made it clear that it plans to implement the 10 percent bug bounty program requested by the hacker, and it will also halt support for ETH until it is extensively peer-reviewed.
“It is a tough time for the community and project, and the pain is real. The treasury has the funds to cover, but it’s time to slow down. THORChain is too important not to deliver on. The complexity of the state machine is its Achilles heel, but this can be solved with more eyes on, as well as a rethink in developer procedures and peer-review,” the team added.
While hacks and heists are seemingly inevitable in the world of decentralized finance (DeFi), a good number of projects have somehow managed to stay safe through juicy bug bounty programs and more.
THORChain faithful have encouraged the team to look beyond audit and security firms in their efforts to solidify the network and find a way of attracting these anonymous and sophisticated hackers to work with THORChain.
At press time, the price of THORChain’s s RUNE token is down by 17 percent in the past 24 hours, trading around $3.89, according to CoinMarketCap.