Thorchain (RUNE) Tested, Network Gets Halted After Being Attacked for 4k ETH
Only ETH LPs were affected who will be made whole assured the team while noting that this disappointing event, in which the decentralized system got halted due to certain thresholds being hit, will only make the network “stronger and more resilient.”
On Thursday, Thorchain suffered an attack resulting in the loss of about 4,000 ETH from the trading protocol, less than 13,000 ETH as previously suspected.
Innovation leads to exploitation. Its why hardened protocols often stop innovating, very little upside to increase risk by innovating. Its why we also see more exploits in new developing sectors.
— Andre Cronje (@AndreCronjeTech) July 16, 2021
What happened was ETH Bitfrost was tricked using a custom wrapper to read a deposit amount of 200 when it was actually zero.
“The attacker paid huge slip fees, approx $1.4m was captured by nodes, with further $1.4m by ERC20 LPs. Only users affected are ETH LPs, and they will be made whole. So despite the exploit, Nodes, LPs, and Arbers will stand to profit considerably,” noted @Thorchain on Twitter.
This vector is similar to why Coinbase Commerce might not detect a payment from a smart contract wallet or Binance not credit a tx from https://t.co/rCzZey2hzU. It comes to using transaction payloads as a source of truth instead of traces which contain the actual low-level calls. https://t.co/5SjywdmVL7
— banteg (@bantg) July 15, 2021
The community developers discovered the issue and anonymous nodes reportedly voluntarily stopped their nodes. With 1/3rd of the nodes halted, the network got paused.
Explaining just how the decentralized system got halted, Thorchain said that it is decentralized with certain thresholds that require 67% of 38 nodes to run and gets halted if 33% of 38 nodes halt.
“These nodes are anonymous and anyone can become one (with minimum bond amounts). No individual (or minority) can affect the system.”
The loss of about $5 million will be borne by the Thorchain treasury, which will be distributed to the ETH liquidity providers.
The team is already working on the recovery plan with a fix for the bug already released and approved. Now, lost funds will be restored, an automatic-solvency checker will be released, and the team will work with security firms for audits.
While a disappointing event, the Thorchain team noted that it would only make the network “stronger and more resilient.”
Attacks on Thorchain were inevitable and always calculated with.
The protocol is being battle tested and will harden with each attack.
Rather 50 succesful attacks now than 1 a few years from now.
Fix and iterate, onwards $RUNE
— Bitcøin_Sage⚡ (@Bitcoin_Sage) July 16, 2021
As of writing, RUNE is trading at $4.61, down nearly 78% from its all-time high of $20.87 two months back.