Another multi-million dollar attack on THORChain in a week
THORChain has been attacked for the third time this year and for the second time this week. The attacker demanded a 10% bounty of the total exploitation amount.
THORChain tweeted this incident on 23 July, a week after he got exploited for $5million in a flash loan attack. According to the tweet, the number lost this time was almost $8M, and that the attack was carried out by a generous white-hat hacker who demanded a 10% bounty on it.
THORChain announced that they would be allowed to pay if they reached the attacker and should be encouraged to do so.
“It is a tough time for the community and project, and the pain is real. The treasury has the funds to cover, but it’s time to slow down”.
In a screenshot posted on THORChain’s Discord channel, Hacker intentionally did this to aware us of these loopholes and teach a lesson. It stated: “Do not rush code that controls 9 figures” and “Disable until audits are complete”.
The hackers also claimed that they found “multiple critical issues”, so they could take Bitcoin, Ethereum, Binance Coin, Lycancoin, and other BEP-20 tokens. They added this would have been prevented by a 10% bug bounty.
“The complexity of the state machine is currently its archille’s heel, but this can be solved with more eyes on, as well as a re-think in developer procedures and peer-review”.
Protocol advocate and ShapeShift CEO Erik Voorhees :
Being Crypto revealed on July 16 that the DEX protocol was controlled using another router exposure that resulted in about $5Million. In addition, THORChain was targeted by hackers in a June attack that resulted in an estimated $140,000.
Also Read: Tether Will Conduct An Audit In The Upcoming Month.