The decentralized finance (DeFi) project Thorchain, which controls the RUNE cryptocurrency, lost US$8 million after suffering a “sophisticated” exploit on Thursday (22), as the team described it on Twitter. This is the third attack to hit the protocol in less than a month, and this time the hacker took the opportunity to taunt the cryptocurrency's developers.
In a message attached to the transaction, the attacker sneered: “I could have taken out more Ethereum, Bitcoin, BNB, LYC, and BEP20s if I wanted to teach damage minimization. There are several critical problems,” says the message, which circulated on social networks. The hacker went on to say that “you don't rush a code that controls 9 digits,” a reference to the $101 million in funds under Thorchain's management, according to data from DeFi Llama. That entire amount is entrusted to the smart contracts of the liquidity protocol, which emerged in the market to let users exchange tokens from different, incompatible networks in a decentralized way.
Altogether, Thorchain has accumulated $13 million in losses across three exploits that exposed various vulnerabilities in its code. In yesterday's attack, the hacker manipulated the smart contract by making the network believe he had made a deposit into the pool that never actually happened. By confusing the protocol in this way, the attacker was able to claim an $8 million refund.
“The hacker deliberately limited his impact, apparently a white hat (good hacker). He has requested a 10% reward which we will give if he contacts us and we encourage him to do so. It's a difficult time for the community and the pain is real,” wrote the Thorchain team.
The whitehat requested a 10% bounty – which will be awarded if they reach out, and they should be encouraged to do so. It is a tough time for the community and project, and the pain is real. The treasury has the funds to cover, but it's time to slow down. — THORChain (@THORChain), July 23, 2022
The message stated that the treasury has enough funds to cover the impact of the attack, but that it is time to "slow down" and tighten security. Last Thursday (15), the project had already lost $5 million after attackers found a bug in the smart contract. The developers were able to act in time and prevent further damage. In late June, Thorchain was also the target of a smaller exploit that took another $140,000 in funds, according to The Block.
The fall of RUNE
RUNE, the protocol's native cryptocurrency, dropped 28% once the exploit became public. Over the past 24 hours, the currency has managed to cut its losses to 14% and is now trading at $3.85, according to CoinMarketCap. Recent events have pushed the currency further from its all-time high of $21, reached in late May. Over the month, RUNE has accumulated losses of 37%.