Thorchain, a rising DeFi (decentralized finance) protocol, was compromised twice in the last two weeks, losing more than $10 million.
Adding insult to the already severe damage left by the exploit, the hacker left behind a message that detailed the measures that should have been undertaken to prevent his attack and protect the protocol’s users.
Just days after losing 4,000 Ethereum, Thorchain found itself the victim of another hacking incident. The protocol features an automated market maker (AMM) and decentralized exchange, and is known for liquidity pools with a total value locked of around $101.75 million.
The latest attack
The new Thorchain exploit was perpetrated against the ETH Router contract and targeted the Thorchain Bifrost component, resulting in losses of more than $8 million.
After doing his dirty work, the hacker left a message, saying the vulnerability was known before the latest attack and was entirely preventable.
According to the perpetrator, programmers advise developers using Solidity — the Ethereum smart contract language used in the protocol — against certain coding methods for transferring funds.
The hacker said the team in charge overlooked this, and that it led to an issue within the contract mode of the protocol’s native RUNE token.
Trolling the victim
Rather than quickly leaving the crime scene, as is the norm, the hacker behind the exploit took his time and even left behind a message that effectively trolled the DeFi protocol.
In doing so, the hacker emphasized the protocol’s decision not to issue bounties or engage auditors to check code that currently oversees a nine-figure TVL.
The developers of Thorchain initially believed the hack had cost them only around $800,000, but upon checking, it appeared more assets had been taken from the protocol.