Ethereum Layer 2 Rho Markets Suffers $7.6M Security Breach

Rho MarketsHQ has disclosed a security breach on its platform that runs on the Ethereum Layer 2 solution, Scroll. The attack was on the Oracle controls and this led to the shutting down of the platform temporarily.

Rho Markets Suffers $7.6M Security Breach

RhoMarketsHQ has noted some suspicious activities on its platform and therefore stopped its operations. The root cause of the incident was determined to be an unauthorized access by a hacker through a Oracle control vulnerability.

Some of the affected pools are the USDC and USDT, and the current balance held by the attacker is around $7.6 million in multiple chains. The platform has come out to assure the users that majority of the pools are still safe and that they will reopen as soon as the problem is sorted out.

Scroll was notified of a potential exploit within our ecosystem.

After verification with the RhoMarket team, we initiated a coordinated response. To thoroughly assess the situation, Scroll decided to temporarily delay the finalization of the chain.

We have confirmed that the…

— Scroll (@Scroll_ZKP) July 19, 2024

Scroll, the Ethereum Layer 2 solution provider, verified the attack within the RhoMarkets ecosystem. Upon confirming the incident with the Rho Market’s team, Scroll mobilized the response and postponed the chain’s finalization to ensure that it could be investigated properly. Subsequently, Scroll has established that the issue was specific to the application and the finalization is no longer being held up. According to the report, RhoMarkets is at the forefront of efforts to contain and counter the security breach.

Attacker’s Message and Intent

Blockchain detective ZachXBT revealed that the hacker contacted RhoMarkets through an on-chain message. The message stated: 

“Hello RHO team, our MEV bot profited from your price oracle misconfiguration. We understand that the funds belong to users and are willing to fully return. But first, we would like you to admit that it was not an exploit or a hack, but a misconfiguration on your end. Also, please provide what you are going to do to prevent it from happening again.” 

This shows that the attacker is willing to return the funds if RhoMarkets admits to the misconfiguration. In response to the breach, Scroll has advised all users to revoke all approvals to Scroll’s contracts until further notice.

This is Breaking Story Please Check Back for More

The post Ethereum Layer 2 Rho Markets Suffers $7.6M Security Breach appeared first on CoinGape.