THORChain is one of the top decentralized cross-chain swap protocols, in the spotlight for all the wrong reasons after news of a $1.3 million exploit.
JP (@jpthor), who co-founded THORChain and Vultisig, was reportedly scammed out of $1.3 million in a totally unrelated scam involving North Korean hackers.
Blockchain investigator ZachXBT points to the irony that THORChain and its various services have routinely been used by those hackers to LAUNDER funds.
This all illustrates the larger problems that even industry leaders are facing, as social engineering attacks increasingly target people instead of exploits at the code level.
How the Attack Unfolded?
The exploit was initiated with a phishing-style method, according to the on-chain transaction history.
Users were presented with the “bounty offer” messages to return the $THOR tokens for rewards.
Alleged THORSwap messages arrived via Discord or other known channels, resulting in victims voluntarily losing funds.
Once tokens were obtained, the exploiter promptly cycled them through Ethereum transactions to multiple wallets, and the individuals ended up with losses they could not recover.
The exploit illustrates how social engineering was recently used in a targeted way to victimize naïve crypto holders.
Also Read: THORChain Announces 90-Day Restructuring Plan Amid Financial Challenges, $RUNE Price Plunges 30.9%
THORChain’s Response and Damage Control
Following the event, the THORChain team made a public announcement offering the exploiter a bounty deal to return the stolen tokens within 72 hours and not face any legal repercussions.
As well as recovering the tokens, the developers stressed the community’s need to remain vigilant, and they reminded users to check that they had the correct wallet addresses, the origin of their communication, and to be aware of the threat of phishing.
Logs are currently being reviewed to identify stolen funds and prevent any further damage.
Even if individuals were targeted in the exploit, THORChain recognized the risk of reputational damage and reaffirmed its commitment to user safety.
Also Read: Cryptocurrencies In The Spotlight: Bitcoin, Onyxcoin, & THORChain See Significant Market Discussions
Market Impact and Past Security Issues
In terms of market impact, the THORChain native token, RUNE, experienced a slight decline of $1.28, 0.06% lower in the last 24 hours, but up nearly 5% over the previous week.
Additionally, with a market cap of $450.6 million and trading volume of $48.6 million, it appears investors remain largely unaffected.
However, the exploit has reawakened anxiety given THORChain’s history with high-profile security incidents.
Earlier in the year, hackers linked to the Bybit breach allegedly swapped $480 million worth of stolen ETH for Bitcoin on THORChain, leaving a lot of people wondering how risky THORChain is for overwhelming funds migrating within the network, according to UnoCrypto.
The most recent exploit underscores the need for enhanced protection mechanisms for users and heightened vigilance in the decentralized finance domain.
Also Read: THORChain Surpasses $1 Billion In Swap Volume In 48 Hours Amid $1.4 Billion Bybit Exploit