THORChain hacked, $7 million in tokens stolen
Link copied to
Cross-asset exchange platform THORChain has been hacked, with the attacker using an exploit to drain roughly A7$ million of dollars worth of crypto-coins from the protocol.
THORChain’s bridge to Ethereum was recently upgraded to allow deposits wrapped in smart contracts, and the attacker used their smart own contract to trick the “bifrost” into thinking they had according to a post-mortem.
Initially it was feared as much as 13,000 worth of Ethereum (worth roughly A$33.7 million) was taken, but that was downgraded later.
— Chad Barraford #BRINGTHECHAOS (@CBarraford) July 16, 2021
A wallet the attacker allegedly used contains 2,399.9 Ether (worth A$6.2 million); along with 57,976 SushiTokens (worth A$525,305); 8.7 Yearn.finance tokens (A$353,500); and a total of A$655,000 in DODO bird, Alchemix, Kylin Network, Hegic and Aave coins.
THORChain developers were promising to use the protocol’s treasury to reimburse users who had their tokens stolen.
The attack drained funds from liquidity pools, basically users who were staking their tokens on the platform in exchange for rewards.
THORChain entered into a “guarded” launch in April with capped liquidity pools ahead of a broader rollout.
A hacker in June also managed to drain US$140,000 from the platform.
THORChain’s Rune token was down 13.1 per cent this afternoon to US$4.90, making it the No. 65 crypto.
THORChain powers decentralised cross-platform exchanges such as THORSwap, ASGARDEX and SKIP Exchange.
Other decentralised exchanges only handle swaps between their native tokens. For example, Uniswap users can only swap between tokens on the Ethereum network.