Ethereum Layer 2 Scroll halts chain finalization after Rho Markets suffers $7.6M breach

1 month ago

Ethereum layer-2 network Scroll has delayed its chain finalization due to a potentially exploitable bug within its ecosystem.

On July 19, Rho Markets, a lending protocol on the blockchain, detected unusual activity and suspended operations to investigate.

Blockchain security firm Cyvers Alert reported a hack of about $7.6 million on Rho Markets’ USDC and USDT pools. The firm stated:

“The root cause of this incident seems to be an oracle access control by a malicious actor!”

According to DeBank’s dashboard, the exploiter’s wallet holds 2,203 ETH worth $7.5 million and other assets like Mantle’s MNT, Binance’s BNB, and Fantom’s FTM tokens.

In response, Scroll Network stated that it was delaying its chain finalization. The project stated:

“After verifying with the Rho Markets team, we initiated a coordinated response. To thoroughly assess the situation, Scroll decided to temporarily hold chain finalization. We confirmed that the exploit was application-specific.”

Meanwhile, Scroll’s decision sparked a debate about the network’s decentralization. Critics argue that delaying the chain contradicts decentralized principles, while supporters believe the decision was necessary to protect users’ assets.

Andy, the co-founder of The Rollup, stated:

“Until things are close to being maximally decentralized I think pausing state finalization to prevent user funds being lost is right. Especially an ecosystem project who is trying to innovate. I don’t know what this says about Scroll’s censorship resistance though.”

Whitehat hacker?

Meanwhile, the attacker appears willing to return the stolen funds, leading to speculation that the incident might be a whitehat act.

On-chain messages shared by blockchain researcher ZachXBT show the attacker’s willingness to return the funds. The message reads:

“Hello RHO team, our MEV bot profited from your price oracle misconfiguration. We understand the funds belong to users and are willing to fully return them. But first, we would like you to admit it was a misconfiguration, not an exploit or hack. Also, please explain how you will prevent this from happening again.”

Notably, on-chain data shows the attacker’s address is linked to several centralized crypto exchanges, including Binance, Gate, KuCoin, and OKX.

The post Ethereum Layer 2 Scroll halts chain finalization after Rho Markets suffers $7.6M breach appeared first on CryptoSlate.
