- Rho Markets experienced a $7.5 million exploit due to an Oracle misconfiguration.
- Scroll delayed chain finalization to assist in managing the exploit response.
- The hacker transferred the stolen funds to a multi-signature wallet, awaiting further resolution.
Rho Markets Hit by $7 Million Exploit
Rho Markets, a leading Ethereum Layer 2 protocol, suffered a major exploit. The breach resulted in the loss of $7.5 million. According to DeBank, the hacker drained the funds and then communicated directly with the Rho Markets team.
Scroll, the blockchain hosting Rho Markets, responded swiftly. The team delayed chain finalization to assist Rho Markets in managing the exploit. This intervention aimed to mitigate further damage and regain control.
The hacker attributed the exploit to a misconfigured Oracle within Rho Markets. In an on-chain message, the hacker claimed their “MEV bot” profited from the flaw. They expressed willingness to return the stolen funds, provided Rho Markets acknowledged the misconfiguration.
Hacker Requests Public Admission
In a bold move, the hacker requested Rho Markets publicly admit the issue stemmed from an internal error. They also asked for details on how Rho Markets plans to prevent future exploits. This demand underscores the hacker’s attempt to frame the incident as a technical oversight rather than a malicious attack.
Despite the ongoing situation, the hacker transferred the stolen $7.6 million to a multi-signature wallet. It’s unclear if this wallet is co-owned by Rho Markets. The status of the recovery efforts remains uncertain.
Onchain investigator ZachXBT provided additional insights. He noted that the exploiter had significant exposure to centralized exchanges. This connection could increase the chances of fund recovery. ZachXBT suggested the hacker might be a gray or white hat, given their willingness to return the funds.
This incident is part of a broader trend of hackers exploiting market downturns. Recently, hackers have been buying discounted Ethereum using stolen funds. The ongoing volatility in the crypto market has created opportunities for such exploits.
Crypto Hackers Target Ethereum
On August 5, hackers used stolen cryptocurrency to buy 16,892 ETH, linked to the Nomad bridge hack from August 2022. Blockchain analytics firm Lookonchain revealed the purchase involved 39.75 million stolen DAI tokens. The hacker then moved the funds to the crypto mixer Tornado Cash.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.