July 17, 2021- 10:49 p.m.
Popular cross-chain decentralized exchange THORChain has suffered a multi-million-dollar breach.
Estimates as to the scale of the damage vary, with THORChain revising the initial estimate that 13,000 Ether (ETH) (worth $25.1 million) had been stolen, bringing the total down to 4,000 ETH (roughly $7.6 million) as a ballpark for damages. A subsequent community-provided rundown of stolen assets suggests the figure is closer to $6 million.
In the THORChain community Telegram channel, administrators have indicated the project has the funds needed to cover users’ stolen assets but articulated a preference for the hacker to return the stolen funds in exchange for a bug bounty.
“While the treasury has the funds to cover the stolen amount, we request the attacker get in contact with the team to discuss return of funds and a bounty commensurate with the discovery,” a Telegram post stated, adding that user funds “will be available when the issue has been patched & the network resumes.”
THORChain has since tweeted that its preliminary roadmap to recovery is underway, announcing that after the vulnerability is patched and the network is restarted, Ether will be donated to liquidity provider pools to reimburse impacted users. From there, the team plans to engage security firms to have its contracts audited.
Blockchain cybersecurity firm Halborn Security is compiling a proposal to the THORChain community for “Advance Persistent Protection,” offering up a team of up to half a dozen “ethical security engineers working to break every update on Thorchain.”
