Ethereum-based Rho Loan Protocol Hacked, $7.6M in USDC and USDT at Risk

• Ethereum layer-2 protocol Scroll-backed lending protocol Rho experienced a significant security breach today.
• The attack notably impacted the USDC and USDT pools, with the attacker currently holding around $7.6 million across multiple chains.
• The attackers communicated via an on-chain message, indicating they are willing to return the stolen funds to the users.

Read our latest report on the recent attack on Rho, the Ethereum layer-2 lending protocol officially supported by Scroll, and how the team is responding to this critical situation.

Rho Protocol Breach Shakes Crypto Community

In an alarming turn of events, the Ethereum layer-2 protocol Rho, supported by Scroll, fell victim to a sophisticated attack affecting its USDC and USDT liquidity pools. Early reports indicate a malicious actor gained critical access to the Oracle system, compromising the protocol’s integrity. The attacker managed to siphon off approximately $7.6 million and currently holds these funds across multiple blockchain networks.

Attacker Offers to Return Stolen Funds

In a surprising development, the perpetrator left an on-chain message expressing their readiness to return the misappropriated funds. “Our MEV bot exploited a misconfiguration in your price Oracle. We understand that these funds belong to your users and are fully prepared to return them,” stated the attacker. This turn of events has added a new layer of complexity to the incident, shifting it from pure malice to potential ethical hacking.

Scroll’s Immediate Response to the Breach

The Scroll team reacted swiftly upon discovering the vulnerability within their ecosystem. They promptly initiated a coordinated response with the Rho Market team’s developers. “Upon being alerted to a potential vulnerability within our ecosystem, Scroll acted swiftly in collaboration with the Rho team to verify the threat and implement a response plan,” stated a Scroll representative. Their quick action aims to mitigate further damage and reassure users about the security of their assets.

Postponement of Scroll’s Finalization

To thoroughly evaluate the situation, the Scroll team has decided to temporarily halt the finalization of their chain. They have also assured the community that this breach is an application-specific issue and does not indicate a systemic problem within the Scroll protocol itself. This assertion aims to maintain user confidence and ensure the community that necessary steps are being taken to resolve the issue.

Conclusion

The breach of the Rho protocol underscores the continuous and evolving threats within the cryptocurrency space. Scroll’s rapid response and the attacker’s unexpected willingness to return the funds highlight a unique dynamic in cyber security incidents within decentralized finance. As the situation unfolds, it serves as a critical reminder for protocols to bolster their security measures continually. Stay tuned for further developments and insights into how the crypto community navigates these turbulent waters.