Posted 2 months ago | by Catoshi Nakamoto
ThorChain and its native token Rune was one of the best performing crypto assets during the first leg of the 2021 bull run, with prices climbing from as low as 2 cents in January to an all time high of over 20 dollars in May. But recent weeks have brought a series of hammer blows to the platform, after not one, not two, but three separate attacks exposed some serious flaws on the network. The most recent of which saw hackers making off with coins worth over 8 million dollars. Today, we’ll be looking at how these latest attacks unfolded, how it’s been handled, and what it could mean for Thorchain’s future in the DeFi landscape.Read More
Let’s get it!
Welcome to BitBoy Crypto, home to the BitSquad – the largest and greatest crypto community in all the interwebs. My name is Ben. Every day, I show you how to make money in crypto. If you like money and crypto, be sure to smash that subscribe button.
The Norse Gods were rudely awoken last week to news of yet another hack on their chaosnet. Not long after Asgard’s very own treasure chest was ransacked to the tune of 2500 ether, this third exploit saw the perp stealing around 8 million dollars in assets.
Not a great look for a platform named after the swollest viking in all of mythology.
For those of you unfamiliar, ThorChain is a powerful cross-chain protocol that that allows users to trade crypto assets across various blockchains in a completely decentralized way. Typically, to trade non-native crypto assets like Bitcoin and Ethereum directly, you need the help of a middle-man. In other words, a centralized exchange. And while we have DEX’s like UniSwap and PancakeSwap, trades remain limited between native assets, for example, ECR20 and BEP20 tokens respectively. Sure, you can wrap your Bitcoin to be used cross-chain in Ethereum liquidity pools, but the process is clunky, and carries risks.
Enter ThorChain a liquidity pool that works cross-chain to eliminate the need for unnecessary wrapping. After being founded during a Binance hackathon in 2018, the project has stayed true to its roots, with a team that’s largely anonymous and community-driven. Before the crash in May, the price appeared to be going straight to the moon. But like most of the alts it saw a pretty brutal correction, and now to add insult to injury, it’s been hit by a serious amount of bad press.
So what went exactly down with the recent hacks?
Well, after experiencing the second exploit to its chaosnet in just a few weeks, ERC20 tokens worth approximate 2,500 ETH were withdrawn by an unknown trespasser. At first, this figure was estimated as being closer to 13000 ETH, then 4000, until being finally confirmed at around 2,500. This discrepancy was likely due to additional loss from arbitrageurs cashing in on price manipulation. As for the method of attack, a post-mortem report confirmed a custom wrapper had been used to trick the Bifrost protocol into reading a fake deposit. Oh, and upon executing the attack, the perp was hit by huge slippage fees of roughly $1.4 million. Ouch!
These hacks played out almost in real-time, with Thorchain’s super strong community receiving a stream of updates via Twitter and Telegram as the team scrambled to take control. During the second hack in mid July, the network was brought to halt. This drew criticism from some. I mean, surely any network that can be suspended so easily can’t, by definition, be all that decentralized.
Well it’s not that simple. After all, pausing the network isn’t a case of simply smashing a big red button in Asgard’s control room. Instead, the network has specific thresholds, and requires a certain number of nodes to run or halt the network. All to ensure no individual or minority can affect the system. Oh, and since I mentioned smashing buttons, don’t forget hit that like and subscribe to help us keep getting our content past Youtube’s highly centralized controls.
But back to Thorchain. And as for their decentralized status, you’ve also got to consider their roadmap, which will eventually see the protocol passed over to Rune holders themselves, with the admin keys being destroyed in the process.
Despite some criticism, the community has overwhelmingly defended ThorChain’s handling of the situation, praising their clear and open communication throughout, and the promise that any affected liquidity providers would have their losses covered. ‘Leadership in action during tough times’. Words that, I assure you, have never, ever been uttered about a centralized exchange. I mean, can you imagine Coinbase offering up its treasury’s balance sheet to present the range of options to the community? Me neither.
It’s important to note that anyone left out of pocket has been taken care of, so the only one shouldering the burden is the Thorchain treasury itself. As ThorChain tweeted, insuring network funds is exactly what the war chest is for. I mentioned their community was strong, but if you wanted proof, look no further than this ThorChad on their Discord server. Wow. One lucky arbitrageur that benefited from the second hack, offered the 10 Eth he received back to the Thorchain treasury.
The third exploit came only a week later with an attack on the ETH router, after a hacker was able to trick the Bifrost protocol into accepting a deposit of fake assets before claiming a refund. According to a message hidden in the transaction hash, they could have taken a whole lot more too, including ETH, BTC, BNB, and BEP20s. Making this what’s known as a white hat hack, where impact is intentionally limited in order to teach a lesson. They even signed off by urging Thorchain not to ‘rush code that controls 9 figures’. And it would appear the team has taken note, reassuring the community that the treasury has the funds to recover, and also that it’s time to slow down.
So, not exactly a great month for ThorChain. But what about the price.
Well, suffice to say, things were already way off the prices we saw in May. But the hacks drove prices down even further to a recent low of $3.01, a massive 7x below the ATH of over $20. Some people found this amusing. Like the self-appointed Bitcoin Messiah himself, Max Keiser, who took to twitter to post this chart. He even called the team crooked for halting the network. Which is ironic, and as ThorChain pointed out in a series of tweets, when Bitcoin faced a problem in the code almost ten years ago, Satoshi himself took to a forum to resolve it along with other devs in a very similar process. What Maxi Max doesn’t seem to understand is that Rune is an innovating piece of tech still in the process of being battle tested. Maybe he doesn’t even understand the problem it promises to solve. Also…has this man never done a leg day? What is going on here?
Now I’ll admit, there’s no way to spin it: that is one fall from the Valhalla. But that’s after it saw insane gains of over 2000% in less than 12 months. Why? Because it has a phenomenal community of devs, stakers and validators. And it solves a genuine problem at the heart of decentralized finance.
Yes, ThorChain clearly isn’t the finished article yet, as evidenced by the recent exploits. But if you believe in the long-term potential of DeFi, and I certainly do, then you’ll recognize the clear and obvious use-case for groundbreaking cross-chain protocols like these. As ShapeShift’s CEO said after the second hack, incidents like these will prove a vital part of the journey. He even went so far as to describe it as “worth it”. Because it’s only by addressing system flaws at this early stage that it can become truly resilient. When ThorChain becomes as strong against attack as its name would suggest, then as they say in Old Norse: it could ride all the way to Valhalla, baby. It’s definitely something we’ll be watching closely.
That’s all I got. Be blessed, Bitboy out.