Details Concerning the Exploit Against THORChain on July 15, 2021


Photo Source

INTRODUCTION

In this subsection of the THORChain Coin Guide, we will look into what caused the most recent attack against THORChain as well as what steps THORChain is following in its aftermath.

THE JULY 15TH HACK

On July 15, 2021, a hacker compromised THORChain's cross-chain decentralized exchange causing a loss of approximately 4000 Ethereum (currently valued at approximately $7 million). Specifically the hacker exploited a vulnerability that was contained in THORChain's Bifrost protocol that transferred Ethereum directly to the hacker's accounts.

The Bifrost protocol is a multi-chain mechanism that facilitates cross-chain connections through the use of bridges between various blockchains. Bifrost recently updated the Ethereum bridge with THORChain so as to improve on its existing composability (This update was specifically performed to allow the router to be “wrapped” by contracts).

Basically, the hacker was able to play a trick on the network. The hacker made it appear that Ethereum was being deposited into THORChain through the Ethereum Bifrost component when in fact zero (0) Ethereum was actually transferred. (Specifically, the THORChain ETH Bifrost router was tricked by utilizing a custom wrapper to read a deposit amount of 200 ETH when it was in fact zero ETH). The attack was repeated by the hacker for between one to two hours before the entire THORChain network was shuttered by the node operators.

It is interesting to note that the network shut-down was commenced when a THORChain developer became aware of the situation and requested the node operators to enter the 'make halt' command to prevent further losses. The threshold to stop network operations was met when one-third of the node operators issued the command.

When THORChain originally announced the attack, it was first reported that the hacker made away with approximately 13,000 Ethereum (or roughly $25 million). On THORChain's Official Twitter account the first reported sum was revised by the following announcement: “At this stage, the estimate is around ~4000 ETH worth of assets (ETH/ERC20) was taken, not 13k ETH. More detailed assessment and recovery steps will be announced soon".

WHAT IS THORCHAIN DOING IN RESPONSE TO THE ATTACK

Although it appears that THORChain has sufficient funds on hand to cover it's users’ stolen assets, administrator's on the THORChain Official Community Telegram channel have expressed a preference for the hacker to return the exploited funds in exchange for an appropriate 'bug bounty'. The exact Telegram statement reads as follows: “While the treasury has the funds to cover the stolen amount, we request the attacker get in contact with the team to discuss return of funds and a bounty commensurate with the discovery,”

As noted above, the entire THORChain system was shut down as a precautionary measure. The Telegram announcement continued in that the users' funds “will be available when the issue has been patched & the network resumes".

"Later on, THORChain outlined the recovery plan that is already in motion. Before the attack, the hackers paid 'huge slip fees' of about $1.4 million captured by nodes and another $1.4 million caught by the ERC-20 liquidity providers as the team explained. THORChain said that only users affected are ETH LPs and they will be made whole". [Bitcoin Core News. "THORChain Got Compromised In Latest DeFi Hack With $7.6M Stolen". (Accessed July 19, 2021)]. THORChain's recovery plan also calls for increased audits of its systems.

Parenthetically, this was the second attack on the THORChain system. In June of 2021, THORChain posted the following on Twitter:

20210719.png
Photo Source

CONCLUSION

THORChain announced that it's node operators and liquidity providers should be unaffected after the funds have been recovered and restored, and added that “the network will be stronger and more resilient.” [Id.]. All in all, THORChain handled the attack situation it faced in a very professional fashion. THORChain was extremely transparent in explaining the causes of the attack as well as the remedial steps it was taking in an expedient time frame.

In their infancy both Bitcoin and Ethereum were subject to costly exploitations. Those attacks did not impede the future successes bestowed upon both these projects. It is very likely that the same will hold true for THORChain as the systemwide need this project addresses is very much necessary to secure, foster, and ensure the future of Decentralized Finance in the blockchain world.

H2
H3
H4
3 columns
2 columns
1 column
2 Comments
Ecency