Ethereum

Ethereum Layer 2 Scroll Halts Chain Finalization After Rho Markets Suffers $7.6 Million Breach

Published

4 months ago

on

Ethereum layer-2 network Scroll has delayed the completion of its chain due to a potentially exploitable bug within its ecosystem.

On July 19, Rho Markets, a blockchain lending protocol, detected unusual activity and operations suspended for investigation.

Blockchain security company Cyvers warns reported a hack of approximately $7.6 million from Rho Markets’ USDC and USDT pools. The company said:

“The root cause of this incident appears to be an access control to the oracle by a malicious actor!”

According to DeBank dashboardThe operator’s wallet contains 2,203 ETH worth $7.5 million and other assets like Mantle’s MNT, Binance’s BNB, and Fantom’s FTM tokens.

In response, Scroll Network said it was delaying the completion of its channel. The project said:

“After verifying with the Rho Markets team, we have initiated a coordinated response. To assess the situation thoroughly, Scroll has decided to temporarily delay the chain completion. We have confirmed that the exploit is application specific.”

Meanwhile, Scroll’s decision has sparked a debate over the decentralization of the network. Critics say that delaying the chain contradicts decentralized principleswhile its supporters believe that this measure was necessary to protect users’ assets.

Andy, co-founder of The Rollup, declared:

“Until things are close to being maximally decentralized, I think it makes sense to hold off on finalizing state to prevent user funds from being lost. Especially for an ecosystem project that is trying to innovate. I don’t know what that says about Scroll’s censorship resistance.”

White hat hacker?

Meanwhile, the attacker appears willing to return the stolen funds, suggesting that the incident could be an act of money laundering.

Chain messages shared by blockchain investigator ZachXBT show the attacker’s desire to return the funds. The message bed:

“Hello RHO Team, our MEV bot took advantage of your price oracle misconfiguration. We understand that the funds belong to the users and are willing to return them in full. But first, we would like you to admit that this was a misconfiguration, not an exploit or hack. Also, please explain how you will prevent this from happening again.”

Notably, on-chain data shows that the attacker’s address is linked to several centralized crypto exchanges, including Binance, Gate, KuCoin, and OKX.

Mentioned in this article

Fuente

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version