Ethereum layer-2 network Scroll has delayed its chain finalization due to a potentially exploitable bug within its ecosystem.

On July 19, Rho Markets, a lending protocol on the blockchain, detected unusual activity and suspended operations to investigate.

Blockchain security firm Cyvers Alert reported a hack of approximately $7.6 million on Rho Markets’ USDC and USDT pools. The firm stated:

“The root cause of this incident seems to be an oracle access control by a malicious actor!”

According to DeBank’s dashboard, the exploiter’s wallet holds 2,203 ETH worth $7.5 million and other assets like Mantle’s MNT, Binance’s BNB, and Fantom’s FTM tokens.

In response, Scroll Network stated that it was delaying its chain finalization. The project stated:

“After verifying with the Rho Markets team, we initiated a coordinated response. To thoroughly assess the situation, Scroll decided to temporarily delay chain finalization. We confirmed that the exploit was application-specific.”

Meanwhile, Scroll’s decision sparked a debate about the network’s decentralization. Critics argue that delaying the chain contradicts decentralized principles, while supporters believe the move was necessary to protect users’ assets.

Andy, the co-founder of The Rollup, stated:

“Until things are close to being maximally decentralized I think pausing state finalization to prevent user funds being lost is right. Especially an ecosystem project who is trying to innovate. I don’t know what this says about Scroll’s censorship resistance though.”

Whitehat hacker?

Meanwhile, the attacker appears willing to return the stolen funds, leading to speculations that the incident might be a whitehat act.

On-chain messages shared by blockchain investigator ZachXBT show the attacker’s willingness to return the funds. The message reads:

“Hello RHO team, our MEV bot profited from your price oracle misconfiguration. We understand the funds belong to users and are willing to fully return them. But first, we would like you to admit it was a misconfiguration, not an exploit or hack. Also, please explain how you will prevent this from happening again.”

Notably, on-chain data shows the attacker’s address is linked to several centralized crypto exchanges, including Binance, Gate, KuCoin, and OKX.

Mentioned in this article

Read the full article here

Share.

Leave A Reply

Your road to financial

freedom starts here

With our platform as your starting point, you can confidently navigate the path to financial independence and embrace a brighter future.

Registered address:

First Floor, SVG Teachers Credit Union Uptown Building, Kingstown, St. Vincent and the Grenadines

CFDs are complex instruments and have a high risk of loss due to leverage and are not recommended for the general public. Before trading, consider your level of experience, relevant knowledge, and investment objectives and seek financial advice. Vittaverse does not accept clients from OFAC sanctioned jurisdictions. Also, read our legal documents and make sure you fully understand the risks involved before making any trading decision

Exit mobile version