ThorChain (RUNE) Suffers ‘Chaosnet’ Exploit Worth 4,000 ETH, Puts Recovery Plan in Motion
Cross-chain DEX ThorChain suffers a multi-million dollar exploit on Chaosnet, offers bounty to hackers to return funds.
ThorChain Suffers Exploit, Network Activity Halted
Popular cross-chain decentralized exchange (DEX) and DeFi protocol ThorChain recently suffered a back whereby around 4000 ETH ($7.6 million) worth of digital assets (ETH/ERC20) were stolen from the protocol by sophisticated hackers.
At this stage the estimate is around ~4000 ETH worth of assets (ETH/ERC20) was taken, not 13k ETH.
More detailed assessment and recovery steps will be announced soon.
The users who suffered (LPs) will be made whole in the coming weeks. https://t.co/LR2x8VZ2kx
— THORChain #LUNAISCOMING (@THORChain) July 15, 2021
Soon after the exploit, the ThorChain community got into action where it floated a recovery plan which is already in motion.
Per the recovery plan, ThorChain will release a patch to the targeted attack vector and restart the network. At the same time, it will also block the pending outbounds and restore solvency.
Further, the network will also donate funds back into the ETH pool (presumably from its treasury) to restore the lost funds to ETH LPs.
Finally, once the LPs have had their funds restored, ThorChain will engage security firms to audit its contracts.
The recovery plan is in motion:
1) Release the patch and restart the network, block the pending outbounds, restore solvency
2) Donate funds back into the ETH pool to restore the lost funds to ETH LPs
3) Release the automatic-solvency checker
4) Work with security firms to audit— THORChain #LUNAISCOMING (@THORChain) July 16, 2021
It is worthy of note that while the ThorChain team has enough in its treasury to compensate the LPs. If its Telegram posts are anything to go by, it prefers the hackers to return the funds in exchange for a bug bounty.
“While the treasury has the funds to cover the stolen amount, we request the attacker get in contact with the team to discuss return of funds and a bounty commensurate with the discovery,” a Telegram post stated, adding that user funds “will be available when the issue has been patched & the network resumes.”
Bolstering the Security to Avoid Future Exploits
While the ChaosNet exploit is unfortunate, the ThorChain team is not letting the setback affect its productivity.
Erik Voorhees, who recently announced the decentralization of one of the oldest crypto exchanges ShapeShift was one of the several LPs who lost their RUNE due to the exploit.
Voorhees, however, emphasized that ThorChain’s long-term vision of enabling cross-chain decentralized trading with no intermediaries is “worth a great many stumbles.”
Lost a bunch on my RUNE position today. Worth it.
We're in this for the long-term. Cross-chain decentralized trading with no intermediaries is worth a great many stumbles.
Expect chaos during chaosnet. @THORChain <3
— Erik Voorhees (@ErikVoorhees) July 16, 2021
Similarly, blockchain cybersecurity company Halborn Security is in the middle of compiling a proposal to the ThorChain community for “Advance Persistent Protection” whereby it is offering a team of 4-6 ethical engineers “working to break every update on ThorChain.”
In the coming hours, #Halborn will be putting forth a proposal to the @thorchain $RUNE community for "Always-on" Advance Persistent Protection. A team of 4-6 ethical security engineers working to break every update to Thorchain. More detail to come…
— Halborn (@HalbornSecurity) July 15, 2021
In related news, BTCManager reported that DeFi and NFT platform Bondly Finance fell victim to an exploit which caused the BONDLY token to plummet more than 60% within three hours of the attack.
