Cross-chain decentralized exchange THORChain fell victim to another multi-million attack. Before discussing the attacks, let’s learn more about this popular cross-chain decentralized exchange. Its history dates back to 2018 and in several years it gained popularity around the globe. This exchange distributes rewards in the form of RUNE (the network’s native token) to any user that adds tokens to a liquidity pool.
THORChain suffered its second multi-million hack within a week. The exchange published information on its Twitter account on July 23, just a week after it was exploited for $5 million in a flash loan attack. The decentralized exchange also lost $140,000 in a separate exploit suffered in June.
Nevertheless, the attack appears to have been carried out by a white hat hacker. The hacker who hacked the cross-decentralized exchange requested a 10% bounty. This hacker deployed a custom contract that was able to trick its Bifrost Protocol into receiving a deposit of fake assets. The network then processed a refund of real assets to the hacker who penetrated the exchange.
The hacker stated that they minimized the damage from the exploit on purpose in a bid to teach THORChain a lesson. The white hat hacker also noted that they had the ability to steal Bitcoin, Ether, and other cryptocurrencies.
THORChain and cyber attacks
As stated earlier, THORChain suffered huge losses this month. Less than two weeks ago, hackers attacked a popular cross-chain decentralized exchange. Administrators of the THORChain community Telegram channel indicated the project has the financial resources to cover users’ stolen funds. But the exchange asked the attacker to get in touch with THORChain to discuss returns of funds. THORChain was ready to pay a bug bounty to the attacker.
The exchange is working hard to prevent such attacks in the future. Multiple blockchain security companies checked THORChain to locate bugs in a given network.