ThorChain, a popular cross-chain decentralized exchange, suffered massive losses but assured its community that it has the means to cover the stolen amount.
Increased Frequency of Attacks
Thorchain’s chaosnet became the latest victim of an attack. The first estimation of losses was at approximately $25 million or 13,000 Ethereum. However, the estimations were subsequently revised to $7.6 million in losses. The final sum was confirmed to be approximately $4.9 million.
In an announcement in its Telegram group, ThorChain first estimated a much bigger loss to its community. It also announced that it has the necessary funds in its treasury to cover the losses from the July 15th exploit.
The network was immediately halted to prevent further exploitation once the attack became apparent. The thief tricked the ETH Bifrost (a blockchain middleware) using a custom wrapper to read a deposit amount of 200 when it was actually zero. The developers promised to give a proper account in a post mortem blog.
When a community developer discovered this exploit, nodes were voluntarily halted. Once more than one-third of the nodes are halted, the network stalls giving node operators the ability to take emergency action to protect the network.
Recovery Process
The ThorChain developers took immediate steps to work on a patch and it was released not shortly after.
A series of steps were prepared to ensure that ThorChain can operate without fear of another exploit. First, after the release of the patch, the network will be restarted, and solvency will be restored.
The developers will donate the funds to the ETH pool from its treasury to restore the stolen funds. The developers will also release an auto-solvency checker as a preventive measure. It also suggested an audit with security firms to identify weaknesses in the protocol.
Community Reaction
Many users are shocked and alarmed by this exploitation. The developers stepped in to assure their community and the users that there will be no losses from this hack.
Andre Cronje, the founder of Yearn Finance, wrote in his tweet that innovation leads to exploitation, and that is why we see more exploitations happen in new developing sectors.
Interchain Liquidity and Fallout
Providing interchain liquidity in a decentralized network is challenging, and ThorChain is charting new territories by being a platform that links various chains.
Chaosnet is designed to be the battleground to deal with these rough patches. This also means that there is an increased risk as this innovation navigates itself forward.
The silver lining in this attack is taking comfort in knowing that the node operator can halt the network as a preventive and as a stop-gap measure. An attack is less costly now compared to an attack in the future.
ThorChain has also requested the attacker get in touch with the team. The attacker could receive a bounty that commensurates with the discovery.
Halborn Security has submitted a proposal to ThorChain and its community to have Advance Persistent Protection ‘Always-on’. Halborn proposes to have 4-6 security engineers working to break every update to ThorChain.
Key Takeaways
This exploit will not be the last. Crypto innovation ventures into unchartered territories, and the security risk is higher. What matters most are the precautions to minimize such losses when an exploit takes place and how the developers and its community react to the incident. Trust and support from the community are essential to every project, and accountability by the developers in handling the aftermath is critical.
Source : bsc.news
Founded in 2020, BSCNews is the leading media platform covering decentralized finance (DeFi) on the Binance Smart Chain (BSC). We cover a wide range of blockchain news revolving mainly around the DeFi sector of the crypto markets. BSCNews aims to inform, educate and share information with the global investment community through our website, social media, newsletters, podcasts, research, and live ask me anything (AMA). Our content reaches hundreds of thousands of global investors who are active in the BSC DeFi space.
BSC NEWS is a private news network. All posts posted by this user belong 100% to bsc.news All rights are reserved to BSC NEWS for more information about BSC NEWS contact BSC NEWS HERE.
