THORChain, a decentralized cross-chain exchange, has suffered from an attack that drained around $5 million in Ethereum (ETH) from the protocol, Runebase reported on 16 July.
While initially it was estimated that about 13,000 ETH ($25 million) were lost in the attack, a more detailed assessment of the situation by THORChain revealed that number was significantly lower. The team behind the crypto trading protocol has already stated the protocol has enough funds to cover the losses, but it’s hoping the hacker would return the funds in exchange for a bug bounty. A THORChain Telegram post reads:
“While the treasury has the funds to cover the stolen amount, we request the attacker get in contact with the team to discuss return of funds and a bounty commensurate with the discovery.”
The network was quickly halted after the incident was discovered, with the THORChain team saying that once it is patched the network will be restarted. According to the team, the only users that were affected by the attack were ETH liquidity providers.
During its investigation, THORChain found that the hacker had paid “huge slip fees” while executing his attack, with nodes capturing around $1.4 millions, and ERC-20 liquidity providers another $1.4 millions. The team will now work with security firms to have its contracts audited.
This is not the first time THORChain was the target of an attack, with the protocol losing around $140,000 worth of assets during its Chaosnet deployment last month.