THORChain Hacked Again, But Whitehat Suspected

Reading Time: 2 minutes
  • THORChain has been hacked for a second time in a week, with $8 million worth of ETH stolen
  • However, the hacker may have been a whitehat as they left a message criticizing the platform’s security and saying they could have wiped the Treasury almost clean
  • $7.6 million worth of ETH was stolen from the liquidity pool last week

Cross-network platform THORChain has been hacked for the second time in a week, although it seems that this time round the hacker may have been trying to do them a favor. Following last week’s hack that saw 4,000 ETH worth $7.6 million stolen from the THORChain platform, a second attack yesterday saw a similar amount taken again, only this time the hack came with a message from the perpetrator – your security is terrible and I could have taken more.

Hacker Says He Could Have Taken More

THORChain was initially exploited on July 16, where 4,000 ETH was stolen when the THORChain’s ETH router was compromised. This was embarrassing enough given the hype that THORChain is generating in the cryptocurrency world, but yesterday’s hack was worse not just in terms of the financial loss but the reputational loss given the stated motive of the hacker.

THORChain alerted their community to the second hack via a tweet late yesterday which stated that the hacker “deliberately limited their impact” but still walked away with $8 million in ETH:

THORChain was able to tell that the hacker limited their impact because they left a handy note saying exactly what they could have taken, like a burglar stealing your watch collection but leaving the car:

Of course we don’t know for sure that the hacker could have taken all that, but regardless it serves as a warning to THORChain that they need to do a lot more work than they may otherwise have thought to efficiently protect the system. It is incredible to think just how close the project was to potentially having its entire treasury wiped out.

THORChain Vows to Come Back Stronger

For their part, THORChain has taken it on the chin, saying that they will keep building and will honor the 10% bounty requested by the hacker if they come forward. As with the first hack they have also said they will cover any losses from the liquidity providers whose ETH was stolen. Hopefully this is the last such hack that THORChain endures and it can get back to building and launching its product once the code is audited.