The entity behind a bot that extracted .6 million from Rho Markets last week has returned the funds to the liquidity and lending protocol deployed on the rollup chain Scroll. While first reported that a bug in an oracle contract allowed an attacker to walk away with the funds, it was a bot that conducted an MEV (maximum extractable value) attack. That occurred due to the reported issue with the oracle. The attacker also left an on-chain message on the transaction siphoning the funds, reading, “We understand that the funds belong to users and are willing to fully return. But first, we would like you to admit that it was not an exploit or a hack but a misconfiguration on your end.” Over the weekend, Rho Markets took to X to announce, “We have successfully completed the fund allocation,”
Topics:
Suraj Manohar considers the following as important: Crime, News
This could be interesting, too:
Chayanika Deka writes Russian Investigator Sentenced to 16 Years for Accepting M Bitcoin Bribe from Hackers
Chayanika Deka writes UN Agency Calls for Urgent Action on Crypto-Enabled Crimes in Southeast Asia
Temitope Olatunji writes X Empire Unveils ‘Chill Phase’ Update: Community to Benefit from Expanded Tokenomics
Bhushan Akolkar writes Cardano Investors Continue to Be Hopeful despite 11% ADA Price Drop
The entity behind a bot that extracted $7.6 million from Rho Markets last week has returned the funds to the liquidity and lending protocol deployed on the rollup chain Scroll. While first reported that a bug in an oracle contract allowed an attacker to walk away with the funds, it was a bot that conducted an MEV (maximum extractable value) attack. That occurred due to the reported issue with the oracle.
The attacker also left an on-chain message on the transaction siphoning the funds, reading, “We understand that the funds belong to users and are willing to fully return. But first, we would like you to admit that it was not an exploit or a hack but a misconfiguration on your end.”
Over the weekend, Rho Markets took to X to announce, “We have successfully completed the fund allocation,” talking about moving all the assets back into the protocol’s pools. “The protocol is now officially back online,” the post continued to read.
In another post, Rho Markets emphasized its willingness to increase security measures to prevent such occurrences from repeating, “We will introduce more third-party partners to enhance security measures, including on-chain data monitoring and smart contract audits. Additionally, we will strengthen internal security measures such as multiple internal reviews and rigorous simulation environment testing before going live on the mainnet.”
As the attacker returned the funds on the same day of the exploit, Rho Markets began working on reinstating the protocol, which was paused to prevent additional funds from leaving the platform. It mentioned a phased approach to going back live, including repaying accounts identified to be attacked during the hack, refilling drained liquidity pools, and finally resuming the borrowing and transfer features.
The attack happened on a scary week for crypto protocols and service providers. LI.FI was the victim of a $10 million exploit, and WazirX suffered a hack that stole over $230 million.