{"id":306181,"date":"2021-07-23T06:11:55","date_gmt":"2021-07-23T03:11:55","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/possible-white-hat-hacker-exploits-thorchain-for-8m-proposes-10-bounty\/"},"modified":"2021-07-23T06:11:55","modified_gmt":"2021-07-23T03:11:55","slug":"possible-white-hat-hacker-exploits-thorchain-for-8m-proposes-10-bounty","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/possible-white-hat-hacker-exploits-thorchain-for-8m-proposes-10-bounty\/","title":{"rendered":"# Possible \u2018white hat hacker\u2019 exploits THORchain for $8M, proposes 10% bounty"},"content":{"rendered":"<p>&#8220;<strong># Possible \u2018white hat hacker\u2019 exploits THORchain for $8M, proposes 10% bounty <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDcvNmEwNDA1ZWEtMDc2OS00NjlhLTlhNWYtMGIyM2MzNzBlN2RmLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-128018ef>Cross-chain decentralized exchange THORChain has suffered its second multi-million-dollar hack in as many weeks, with $8 million worth of Ether impacted.<\/p>\n<p>However, the attack <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ears to have been carried out by a white-hat hacker, with THORChain announcing the perpetrator had requested a 10% bounty. ETH will be halted until the code has been audited.<\/p>\n<p>Liquidity providers impacted by the exploit will be subsidized using the project\u2019s treasury funds<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The whitehat requested a 10% bounty &#8211; which will be awarded if they reach out, and they should be encouraged to do so. <\/p>\n<p>It is a tough time for the community and project, and the pain is real. <\/p>\n<p>The treasury has the funds to cover, but it&#8217;s time to slow down.<\/p>\n<p>\u2014 THORChain (@THORChain) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/THORChain\/status\/1418360746329608195?ref_src=twsrc%5Etfw\">July 23, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>The exchange \u2014 which is still in the middle of a staged beta launch called Chaosnet \u2014 conceded that the \u201ccomplexity\u201d of its state machine comprises THORChain\u2019s \u201cArchille\u2019s heel,\u201d however asserted that its issues \u201ccan be solved with more eyes on, as well as a re-think in developer procedures and peer-review.\u201d<\/p>\n<p>A screenshot <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/zillaQuest\/status\/1418368903500242945\/photo\/1\">shared<\/a> from the project\u2019s Discord forum appears to show a message forwarded to the project by the hack via transaction data.<\/p>\n<p>The hacker claims they deliberately minimized the damage from the exploit in a bid to teach THORChain a lesson, stating: \u201cDo not rush code that controls 9 figures,\u201d and \u201cDisable until audits are complete.\u201d<\/p>\n<p>The hacker adds that they could have stolen Ether, Bitcoin, Binance Coin, Lycancoin, and many BEP-20 tokens if they had wanted to, asserting that \u201cmultiple critical issues\u201d were found and that a 10% bug bounty could have prevented the incident.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">message from hacker&#8230; <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/1j8wOPcYHa\">pic.twitter.com\/1j8wOPcYHa<\/a><\/p>\n<p>\u2014 zillaQuest!? (@zillaQuest) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/zillaQuest\/status\/1418368903500242945?ref_src=twsrc%5Etfw\">July 23, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>On July 16, Cointelegraph reported that THORChain had been halted after 4,000 Ether worth $7.6 million was drained from the protocol. The protocol unsuccessfully proposed a bug bounty to the hacker in exchange for returning the stolen funds.<\/p>\n<p><strong><em>Related: <\/em><\/strong><em>ChainSwap announces compensation and \u2018deep audit\u2019 plan after $8M exploit<\/em><\/p>\n<p>The decentralized exchange also lost $140,000 in a separate exploit suffered last month.<\/p>\n<p>THORChain entered into its guarded \u201cChaosnet\u201d launch in April, enabling cross-chain swaps across the Bitcoin, Ethereum, Litecoin, Bitcoin Cash, and Binance Chain networks.<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"defi_newsletter\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/possible-white-hat-hacker-exploits-thorchain-for-8m-proposes-10-bounty\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# Possible \u2018white hat hacker\u2019 exploits THORchain for $8M, proposes 10% bounty &#8221; Cross-chain decentralized exchange THORChain has suffered its second multi-million-dollar hack in as many weeks, with $8 million worth of Ether impacted. However, the attack appears to have been carried out by a white-hat hacker, with THORChain announcing the perpetrator had requested a&#8230;<\/p>\n","protected":false},"author":1,"featured_media":306182,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDcvNmEwNDA1ZWEtMDc2OS00NjlhLTlhNWYtMGIyM2MzNzBlN2RmLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74867,74877,74882],"class_list":["post-306181","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-altcoin","tag-decentralized-exchange","tag-hacks"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/306181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=306181"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/306181\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/306182"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=306181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=306181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=306181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}