$7.6 Million THORChain Hack
The Intelligent Insurer #26 — THORChain blockchain hit by a major hack
Popular decentralized exchange (DEX) THORChain has been hacked with $7.6 million worth of Ethereum and other cryptocurrencies stolen in the process. The details of the hack have yet to be clarified. The platform’s Multi Chain Chaos Net (MCCN) — a feature that enables cross-chain swaps between Bitcoin, Ethereum, and a few other blockchain networks — was halted by the node operators until there are further clarifications regarding the hack.
The THORChain hack is the latest in a series of protocol breaches that have led to significant losses for DeFi investors. In recent releases, we covered exploits including an $8 million ChainSwap hack, a so-called bank run on the Titan protocol, and a 600 ETH PolyButterfly rug pull. The fate of affected THORChain users is not yet clear. However, the project’s team has been reported to be making plans of repaying affected users up to $5 million.
In the latest Intelligent Insurer, we review some of the details regarding the THORChain hack. We highlight how the incident affected the price of RUNE, the native token of the THORChain platform. We also analyze how users of the DEX and other cryptocurrency platforms can safeguard themselves against such exploits. Before jumping in the details of the THORChain exploit, we summarize our Insured Finance development updates from the past week.
Insured Finance Development Roundup
As noted in last week’s release, we were working on creating a bridge between the Goerli and Mumbai test networks for USDT, DAI, and USDC. This has been successfully implemented over the past week and we intend to accomplish another bridge for the INFI token over the next week. We have also integrated a MetaMask wallet connection that will allow users to easily switch between these two test networks.
On the backend, we have successfully implemented the code for various refund functionalities. Users can now easily request refunds for deposits, premiums, and various other claims. Moreover, we have integrated a price feed from Chainlink. The Insured Finance backend processes and smart contracts will now operate based on precise and reliable external data feeds.
We are currently working on implementing various code relating to the claims process. We are putting in place processes for the recording of data regarding claims. We are also finalizing the claims process for events of stablecoin devaluation.
Over the coming weeks, we will be looking to integrate various functionalities between the frontend and backend. We will connect the backend processes with the frontend design for functionalities like viewing insurance offers, viewing deposits, and viewing coverage.
Early details of the THORChain hack
THORChain was created as a solution that provides decentralized liquidity across independent blockchains. The team behind THORChain is mostly anonymous. The conception and full launch of the project happened between June 2018 and April 2021. Apart from providing a platform for inter-blockchain liquidity, THORChain also powers a decentralized exchange (DEX) that allows anyone to trade or lend their crypto assets.
The hack on THORChain happened on July 15th 2021, with initial posts from the team suggesting that they were yet to figure out the actual vulnerability that was exploited by the attacker. An initial post on the community’s Telegram channels offered a bounty for the attacker to reach out to the team to discuss the return of funds.
Preliminary information has been gathered from the address of the MCCN attacker. An overview of the attacker’s address reveals that the attacker received 2400 ETH (worth $4.6M), 57,975 SUSHI (worth $394K), 8.73 YFI (worth $265K), 171,912 DODO (worth $197.6M), 514.51 ALCX (worth $145K) and small amounts of other tokens from THORChain’s liquidity pool.
The recent hack is the second time that THORChain is experiencing such a breach in just a couple of weeks. While the community expects the platform to adjust and improve upon its security protocols, users should be responsible enough to ensure that they apply their own protective measures. We will discuss this further in the finaal section. As a result of the hack, THORChain’s native token RUNE has taken a nose-dive, breaking below existing support levels to trade around $3.69 at the time of writing.
(Source: TradingView.com)
By halting the blockchain, the THORChain team claims to imitate the actions of Satoshi Nakamoto in the early days of Bitcoin, when the Bitcoin network was exploited by some attackers on August 15th 2010. Despite such claims and comparisons, the team has been heavily criticized for the halt by community members.
Early details of the hack also show that the attacker paid huge fees as a result of slippage to nodes and liquidity pools (LPs). Approximately $1.4 million was paid to both nodes and ERC20 LPs. Therefore, despite the hack, not all participants are affected negatively. Some of them even stand to make considerable gains. Therefore, according to the THORChain team, only users who contributed to the Ethereum liquidity pool will be compensated since they are the ones that are directly affected by the hack.
Protecting against exploits like THORChain
Despite significant advancement in the cryptocurrency market, it is still a high risk asset class. Exploits like the THORChain attack highlight that digital asset users need to employ protective measures to protect against the risks of the rapidly growing marketplace.
The security of blockchain platforms has always been subject to vulnerabilities given the evolving state of the technology. Digital asset insurance solutions have emerged to help cryptocurrency investors protect against the various risks of the ecosystem.
Decentralized insurance solutions like Insured Finance allow digital asset users to secure tailored coverage for their specific portfolio. Insured Finance is one of the only solutions that allows users to protect against events like rug pulls, exchange hacks, stablecoin failure, and several other crypto-related risks.
About Insured Finance
Insured Finance is a decentralized, peer-to-peer insurance marketplace. Insured Finance users can request customized insurance on a wide variety of digital assets. Those that fulfill requests earn premiums and can earn a competitive return on their capital. Claims are fully collateralized and settled instantly.
