THORChain (RUNE) says it lost $4.9 million in a recent DeFi attack
- ThorChain has joined the long list of companies that suffered a cyberattack within the past year.
- The attackers exploited a bug in Bifrost, which allowed the hackers to steal $5 million.
- The DEX exchange has requested the attacker to return the fund in exchange for a bounty.
Cross-chain decentralized exchange (DEX) THORChain has become the latest company to suffer an exploit, with details of a multi-million attack.
The exchange was hacked for $4,000 ETH (about $5 million). However, the previous estimate was as high as 13,000 ETH, but THORChain (RUNE/USD), in a statement, revealed that the platform lost $4.9 million in the exploit.
Are you looking for fast-news, hot-tips and market analysis? Sign-up for the Invezz newsletter, today.
“This is a disappointing moment for all, but LPs and Nodes should be unaffected after all is recovered,” ThorChain said via its official Twitter account.
Bug in Bitrost allowed the hackers to succeed
During the investigation into the hacking incident, it was revealed that a vulnerability in Bitfrost opened the door for the hackers to succeed. The DeFi protocol links Polkadot with several other proof-of-stake blockchains. According to the report, the ETH Bifrost recently went through an update to enable composability. But the threat actors took advantage of the existing bug to launch an attack on the router.
THORChain announced on July 16 on its Telegram channel that the actual figure is far less than what has been posted earlier.
The vulnerability has been fixed
Although the company is still investigating the exploit and details are still sketchy, it announced that more details about the attack will be announced as soon as more information is uncovered.
As a result of the exploit, the multi-chain ChaosNet DEX protocol, launched by ThORChain in April, had to be halted after the hack was discovered.
However, the developers are assuring users that they should not panic because there are enough funds in the treasury to cover the loss. At the same time, the exchange has asked the attacker to contact them for a bounty in exchange for the stolen funds.
Thorchain developers say they have already initiated a fix for the bug that was exploited for the attack. They have encouraged node operators to update their software as soon as possible.