Cross-chain decentralized exchange platform THORChain has joined the long list of DeFi protocols that have suffered a security breach lately.
In a Friday announcement, the project’s team disclosed that its Bifrost protocol was compromised, allowing the attackers to redirect ETH tokens to their own accounts. Initial estimates noted that the loss was about 13,000 ETH ($25 million). However, the team clarified the figure to be 4,000 ETH (about $5 million) on their social media channels.
The only entity that will wear the burden will be the THORChain treasury, approx $5m will be used to donate to ETH LPs.This is the purpose of the treasury during Chaosnet, to insure the network funds. Onwards— THORChain (@THORChain) July 16, 2021
As of press time, the details of the attack were not known. The project has promised to release more details from its investigation. However, an incident report blamed a Bifrost bug for the security breach.
Bifrost is a multi-chain DeFi protocol that allows developers to use multiple blockchain protocols simultaneously. Bifrost ETH was recently updated for better composability. The update allegedly carried a vulnerability that the attacker used to exploit the THORChain router.
At this stage the estimate is around ~4000 ETH worth of assets (ETH/ERC20) was taken, not 13k ETH. More detailed assessment and recovery steps will be announced soon. The users who suffered (LPs) will be made whole in the coming weeks. https://t.co/LR2x8VZ2kx— THORChain (@THORChain) July 15, 2021
Upon discovering the attack, THORChain paused its network, with the team assuring users that only liquidity providers were affected.
Attacks targeted at DeFi protocols have grown to become more frequent in recent months. Attacks have stolen millions for these protocols, including PancakeBunny and ChainSwap.