In an interesting turn of events, Rho Markets, a lending protocol based on the Ethereum layer two network Scroll, has had a terrifying experience with grey hat hackers, temporarily losing $7.6 million in user assets.
Rho Markets Security Breach Revealed by Gray Hat
In a X-message On Friday, Rho Markets announced that they had noticed suspicious activity on their platform, prompting them to suspend all operations and launch an investigation. The crypto lending platform assured all users that the majority of its token pools were secure and there was no cause for concern.
Related reading: Report Reveals $235 Million Crypto Theft From WazirX Was ‘Perpetrated’ By North Korean Hackers
However, Cyvers warns revealed that Rho Markets had been compromised, with the attackers siphoning off $7.6 million worth of assets from the platform’s USDT and USDC token pools. They further stated that the incident occurred due to these foreign actors gaining access to Rho Markets’s oracle control.
For context, an oracle is a mechanism that provides external data to a blockchain, allowing smart contracts to function efficiently with access to real-time information. By manipulating the oracle, the hackers were able to alter the data fed to smart contracts on Rho Markets, allowing them to move assets off the DeFi platform.
However, the hackers are soon sent an on-chain message saying he was willing to return the stolen funds, but under certain conditions. The message read:
Hello RHO Team, our MEV bot took advantage of your Price Oracle misconfiguration. We understand that the funds belong to users and are willing to refund in full. But first we need you to admit that it was not an exploit or hack but a misconfiguration on your part. Also, please advise what you are going to do to prevent it from happening again.
This development indicated that Rho Markets was dealing with gray hat hackers, that is, individuals who hack platforms with good intentions, perhaps to expose potential vulnerabilities in the system. Gray hat hackers usually carry out their operations without the consent of their targets, unlike white hat hackers employed by platforms to detect potential security vulnerabilities.
Rho Markets Restores Assets, Promises Better Security Measures
Hours after the security incident, Rho Markets announced they had successfully recovered the situation and all user assets were safe. In the future, they plan to refund their USDC, USDT, and WETH pools and identify all active supply accounts at the time the attack occurred. Finally, Rho Markets indicates that they will systematically resume lending and transfer services on the platform, but with strict adherence to strict safety protocols.
Main image of Lajoj/Medium, chart from Tradingview.com