WEB3

Rho Markets Hit by $7.5M Hack, Attackers Demand Admission of Oracle Error for Fund Return

by BSCN

July 19, 2024

The attacker, showing a willingness to return the funds, insists on Rho Markets acknowledging their error and outlining preventive measures.

Rho Markets, a scroll-based money market, suffered an exploit that resulted in a loss of over $7.5 million.

The incident saw the perpetrator drain 2,203 ETH in just nine minutes. Following the breach, Rho Markets paused blockchain finality to assess if the issue was specific to their application.

"We’ve detected unusual activity on our platform and are currently investigating it,” the team announced on its X account.

Exploit Mechanics

The attacker exploited a vulnerability in Rho Markets’ oracle system. Oracles are critical as they provide off-chain data to smart contracts. By manipulating the oracle, the hacker drained the protocol’s entire supply of USDT and USDC stablecoins. They withdrew more than double the posted collateral in Ether.

Blockchain security firm Cyvers initially suspected ‘Oracle access control by a malicious actor’ as the root cause. This was later confirmed by BlockSec, which noted a strange ownership transfer of the Oracle contract. On-chain detective ZachXBT suggested there was a high probability of fund recovery due to the attacker’s exposure to centralized exchanges.

Data from Debank confirmed that the $7.5 million in Ether remained in the attacker’s wallet at the time of reporting. The exploit was highlighted by an X user who linked to the attacker’s address, revealing a gain of $7.5 million.

Hacker's Demands

In a surprising turn, the attacker, operating an MEV bot, offered to return the funds. The condition: Rho Markets must publicly admit to an oracle misconfiguration error. The attacker communicated via an on-chain message on the Ethereum mainnet:

"Hello RHO team, our MEV bot have profited from your price oracle misconfiguration. We understand that the funds belong to the users and are willing to fully return. But first we would like you to admit that it was not an exploit or a hack, but a misconfiguration on your end. Also, please provide what are you going to do to prevent it from happening again.”

Recently, Rho Markets announced on Twitter that the incident has been resolved and funds will be reallocated back to borrow pools soon.

Dear Rho Fam,

We are pleased to inform you that the incident has been successfully resolved.

🔸We are currently in the process of reallocating funds back to the borrow pools. Rest assured, a comprehensive postmortem report will be shared with the community in due course.

🔸In…
— Rho Markets📜 | Rho.scroll (@RhoMarketsHQ) July 19, 2024

Rho Markets holds approximately $22.17 million worth of assets, according to DeFiLlama.

Disclaimer

Disclaimer: The views expressed in this article do not necessarily represent the views of BSCNews. The information provided in this article is for educational and informational purposes only and should not be construed as investment advice. BSCNews assumes no responsibility for any investment decisions made based on the information provided in this article