Ethereum Layer 2 Scroll halts chain finalization after Rho Markets suffers $7.6M breach
Ethereum Layer 2 Scroll halts chain finalization after Rho Markets suffers $7.6M breach
The attacker has expressed willingness to return the stolen funds.
Ethereum layer-2 network Scroll has delayed its chain finalization because of the a doubtlessly exploitable trojan horse internal its ecosystem.
On July 19, Rho Markets, a lending protocol on the blockchain, detected odd process and suspended operations to review.
Blockchain security company Cyvers Alert reported a hack of roughly $7.6 million on Rho Markets’ USDC and USDT swimming pools. The company stated:
“The root position off of this incident appears to be an oracle rep admission to control by a malicious actor!”
Based utterly totally on DeBank’s dashboard, the exploiter’s pockets holds 2,203 ETH worth $7.5 million and different sources cherish Mantle’s MNT, Binance’s BNB, and Fantom’s FTM tokens.
In response, Scroll Network stated that it used to be delaying its chain finalization. The mission stated:
“After verifying with the Rho Markets crew, we initiated a coordinated response. To entirely assess the affirm, Scroll determined to temporarily prolong chain finalization. We confirmed that the exploit used to be utility-explicit.”
Meanwhile, Scroll’s resolution sparked a debate referring to the network’s decentralization. Critics argue that delaying the chain contradicts decentralized rules, whereas supporters judge the traipse used to be vital to present protection to users’ sources.
Andy, the co-founding father of The Rollup, stated:
“Except things are shut to being maximally decentralized I comprise pausing verbalize finalization to forestall individual funds being misplaced is suitable. Especially an ecosystem mission who is attempting to innovate. I donât know what this says about Scrollâs censorship resistance although.”
Whitehat hacker?
Meanwhile, the attacker appears engaging to return the stolen funds, main to speculations that the incident would possibly perhaps perchance be a whitehat act.
On-chain messages shared by blockchain investigator ZachXBT expose the attacker’s willingness to return the funds. The message reads:
“Hi there RHO crew, our MEV bot profited out of your designate oracle misconfiguration. We perceive the funds belong to users and are engaging to utterly return them. However first, we would cherish you to admit it used to be a misconfiguration, no longer an exploit or hack. Additionally, please present off the trend it's likely you'll perhaps forestall this from going on again.”
Particularly, on-chain records reveals the attacker’s contend with is linked to several centralized crypto exchanges, including Binance, Gate, KuCoin, and OKX.
Talked about on this text
Source credit : cryptoslate.com