In an interesting turn of events, Rho Markets, a lending protocol built on the Ethereum layer-2 network Scroll, has had a daunting encounter with gray hat hackers that involved the temporary loss of $7.6 million in users’ assets.
Rho Markets’ Security Breach Exposed By Gray Hat
In an X post on Friday, Rho Markets announced they had noticed some suspicious activity on their platform, prompting them to suspend all operations and commence an investigation. The crypto lending platform assured all users that the majority of its token pools were secured, and there was no cause for concern.
However, Cyvers Alerts revealed that Rho Markets had been compromised, with the attackers making off with $7.6 million worth of assets from the platform’s USDT and USDC token pools. They further stated that the incident occurred because the attackers gained access to Rho Markets’ oracle control.
For context, an oracle is a mechanism that provides external data to a blockchain, giving smart contracts access to real-time information such as asset prices. By manipulating the oracle, the hackers were therefore able to alter the data fed to the smart contracts on Rho Markets, allowing them to move assets off the DeFi platform.
The hackers soon sent an on-chain message showing a willingness to return the stolen funds, but on one condition. The message read:
Hello RHO team, our MEV bot has profited from your price oracle misconfiguration. We understand that the funds belong to users and are willing to fully return. But first we would like you to admit that it was not an exploit or a hack, but a misconfiguration on your end. Also, please provide what are you going to do to prevent it from happening again.
This development indicated that Rho Markets was dealing with gray hat hackers, i.e. individuals who hack platforms with good intentions, perhaps to reveal potential system vulnerabilities. Gray hat hackers usually conduct their operations without permission from their targets, unlike white hat hackers who are employed by platforms to detect possible security flaws.
Rho Markets Recovers Assets, Promises Better Security Measures
A few hours after the security incident, Rho Markets announced they had successfully rectified the situation, with all user assets confirmed safe. Moving forward, they intend to refund their USDC, USDT, and WETH pools, as well as identify all supply accounts that were active at the time the attack occurred. Finally, Rho Markets states they will systematically resume borrowing and transfer services on the platform, but with strict adherence to tight security protocols.