THORChain, a cross-chain decentralized exchange, was attacked again, suffering a second massive multi-million attack in a week.
The THORchain is a decentralized liquidity network that allows trading of assets from different blockchains without middlemen or “wrapped” substitutes and offers other decentralized services. Launched in 2018, it got popular in several countries around the world.
The decentralized exchange suffered another multi-million dollar hack this week. It happened just a week after it lost $5 million in a flash loan attack. Previously, it was attacked in June, when it lost $140,000. The platform has suffered three attacks this year alone.
Thorchain explained that the hacker used a custom contract to trick the network’s Bifrost Protocol into transferring fake assets. After processing the refund, the hacker was able to continue using the network.
The most recent attack is believed to have been carried out by a white hat hacker. He or she asked the company for a 10% bounty.
“THORChain has suffered a sophisticated attack on the ETH Router, around $8m. The hacker deliberately limited their impact, seemingly a whitehat,” the exchange said on Twitter.
Also, the hacker stated that they deliberately minimized the damage caused by the exploit in order to teach THORChain a lesson.
Nevertheless, the incident has caused huge losses to THORChain. Thorchain said its network had been audited by multiple blockchain security experts to find bugs and prevent future attacks.
Administrators of the THORChain project indicated that the organization has the financial resources to refund the users’ stolen funds. But the reputation had been damaged, and the recovery is not going to be easy.
“There were really only two options. Launch and accept the risk of issues, or not launch and stay in the 90% complete audit-review cycle for another six months. Both are difficult,” Thorchain said.
The attacker was asked to contact THORChain to discuss the return of funds. The chain was ready to pay the bug bounty.
The exchange is working to prevent such attacks from happening in the future.