Ethereum Layer 2 Scroll halts chain finalization after Rho Markets suffers $7.6M breach

Ethereum Layer-2 community Scroll has delayed the chain’s completion as a result of a probably exploitable bug in its ecosystem.

On July 19, Rho Markets, a lending protocol on the blockchain, detected uncommon exercise and suspended actions to research.

Blockchain safety firm Cyvers Alert reported a hack of roughly $7.6 million on Rho Markets’ USDC and USDT swimming pools. The corporate acknowledged:

“The basis explanation for this incident seems to be an oracle entry management by a malicious actor!”

Based on DeBank dashboardThe operator’s pockets incorporates 2,203 ETH value $7.5 million and different belongings equivalent to Mantle’s MNT, Binance’s BNB and Fantom’s FTM tokens.

In response, Scroll Community acknowledged that it was delaying the completion of the chain. The undertaking acknowledged:

“After session with the Rho Markets group, we’ve initiated a coordinated response. To totally assess the state of affairs, Scroll determined to briefly postpone the completion of the chain. We confirmed that the exploit was software particular.”

In the meantime, Scroll’s choice sparked a debate in regards to the decentralization of the community. Critics argue that it slows down the chain is contrary to decentralized principleswhereas supporters consider this transfer was needed to guard customers’ property.

Andy, the co-founder of The Rollup, declared:

“Till issues are nearly fully decentralized, I believe pausing state rounding to keep away from shedding consumer funds is the best factor to do. Particularly an ecosystem undertaking that tries to innovate. Nevertheless, I do not know what this says about Scroll’s resistance to censorship.”

White hat hacker?

In the meantime, the attacker seems keen to return the stolen cash, resulting in hypothesis that the incident could also be a whitehat act.

On-chain posts shared by blockchain researcher ZachXBT present the attacker’s willingness to return the funds. The message reads:

“Howdy RHO group, our MEV bot took benefit of your pricing oracle’s misconfiguration. We perceive that the cash belongs to customers and are keen to return it in full. However first, we would such as you to confess that it was a misconfiguration, and never an exploit or hack. Additionally clarify how one can forestall this from taking place once more.”

On-chain information reveals that the attacker’s handle is linked to a number of centralized crypto exchanges, together with Binance, Gate, KuCoin, and OKX.

Talked about on this article