WEB3
by BSCN
July 19, 2024
The attacker, showing a willingness to return the funds, insists on Rho Markets acknowledging their error and outlining preventive measures.
Rho Markets, a scroll-based money market, suffered an exploit that resulted in a loss of over $7.5 million.
The incident saw the perpetrator drain 2,203 ETH in just nine minutes. Following the breach, Rho Markets paused blockchain finality to assess if the issue was specific to their application.
"We’ve detected unusual activity on our platform and are currently investigating it,” the team announced on its X account.
The attacker exploited a vulnerability in Rho Markets’ oracle system. Oracles are critical as they provide off-chain data to smart contracts. By manipulating the oracle, the hacker drained the protocol’s entire supply of USDT and USDC stablecoins. They withdrew more than double the posted collateral in Ether.
Blockchain security firm Cyvers initially suspected ‘Oracle access control by a malicious actor’ as the root cause. This was later confirmed by BlockSec, which noted a strange ownership transfer of the Oracle contract. On-chain detective ZachXBT suggested there was a high probability of fund recovery due to the attacker’s exposure to centralized exchanges.
Data from Debank confirmed that the $7.5 million in Ether remained in the attacker’s wallet at the time of reporting. The exploit was highlighted by an X user who linked to the attacker’s address, revealing a gain of $7.5 million.
In a surprising turn, the attacker, operating an MEV bot, offered to return the funds. The condition: Rho Markets must publicly admit to an oracle misconfiguration error. The attacker communicated via an on-chain message on the Ethereum mainnet:
"Hello RHO team, our MEV bot have profited from your price oracle misconfiguration. We understand that the funds belong to the users and are willing to fully return. But first we would like you to admit that it was not an exploit or a hack, but a misconfiguration on your end. Also, please provide what are you going to do to prevent it from happening again.”
Recently, Rho Markets announced on Twitter that the incident has been resolved and funds will be reallocated back to borrow pools soon.
Dear Rho Fam,
— Rho Markets📜 | Rho.scroll (@RhoMarketsHQ) July 19, 2024
We are pleased to inform you that the incident has been successfully resolved.
🔸We are currently in the process of reallocating funds back to the borrow pools. Rest assured, a comprehensive postmortem report will be shared with the community in due course.
🔸In…
Rho Markets holds approximately $22.17 million worth of assets, according to DeFiLlama.
Disclaimer
Disclaimer: The views expressed in this article do not necessarily represent the views of BSCNews. The information provided in this article is for educational and informational purposes only and should not be construed as investment advice. BSCNews assumes no responsibility for any investment decisions made based on the information provided in this article
Latest News
0h : 53m ago
OKX Ventures, The Open Platform, and Folius Ventures Launch $10M Telegram Growth Hub
October 29, 2024
Is Bitcoin Set to Soar Even Higher?
October 29, 2024
DWF Labs Dismisses Partner Amid Drink-Spiking Allegations in Hong Kong
October 29, 2024
Visa and FV Bank Debut New Debit and Expense Cards, Bridging Crypto and Fiat Global Payments
October 29, 2024
Bitcoin Surges Past $71,000: What Could be the Possible Reasons?
October 29, 2024
Hong Kong Expands Tax Incentives to Include Virtual Assets, Targeting Institutional Investors
October 28, 2024
Dogecoin Surges Amid Musk and Trump Connections
October 28, 2024
Could Robinhood’s U.S.-Only Election Market Predict Results Better by Excluding Foreign Influence?