Rho Markets experiences a temporary $7.6M loss of user assets due to gray hat hackers.
In an intriguing development, Rho Markets, a lending protocol that operates on the Ethereum layer two networks Scroll, suffered a harrowing encounter with grey hat hackers that resulted in the temporary loss of $7.6 million in users’ assets.
Rho Markets announced in an X post on Friday that they had observed some suspicious activity on their platform, which prompted them to suspend all operations and initiate an investigation.
The crypto lending platform guaranteed that most of its token pools were secure and that there was no reason for concern.
Nevertheless, Cyvers Alerts disclosed that Rho Markets had been compromised, resulting in the theft of $7.6 million in assets from the platform’s USDT and USDC token pools.
They also claimed that the incident was the result of these peculiar actors obtaining access to Rho Markets’s oracle control.
An oracle is a mechanism that enables smart contracts to function efficiently by providing external data to a blockchain, thereby granting them access to real-time information.
Therefore, the hackers could transfer assets off the DeFi platform by manipulating the oracle, which altered the data supplied to the smart contracts on Rho Markets.
Nevertheless, the hackers promptly transmitted an on-chain message that indicated their readiness to restitute the stolen funds, subject to a specific stipulation. The message was as follows:
Hello RHO team, our MEV bot has profited from your price oracle misconfiguration. We understand that the funds belong to users and are willing to fully return. But first we would like you to admit that it was not an exploit or a hack, but a misconfiguration on your end. Also, please provide what are you going to do to prevent it from happening again.
This development suggested that Rho Markets was engaging with gray hat hackers, who attack platforms to expose potential system vulnerabilities.
In contrast to white hat hackers, who are employed by platforms to identify potential security vulnerabilities, gray hat hackers typically operate without the consent of their targets.
Rho Markets announced that they had effectively resolved the security incident, and all user assets were confirmed to be secure just a few hours later.
Moving forward, they plan to refund their USDC, USDT, and WETH pools and identify all active supply accounts at the time of the attack.
Lastly, Rho Markets has announced that they will gradually recommence the borrowing and transfer services on the platform but will ensure that they adhere to stringent security protocols.