The decentralized finance (DeFi) protocol Rho Markets informed users Friday that $7.6 million worth of compromised user funds are now flowing back into the lending platform.
“We are thrilled to announce that the issue has been successfully resolved,” the project wrote on Twitter (aka X), emphasizing that no user funds were lost. “We are currently in the process of reassigning funds back to the borrow pools.”
Earlier in the day, an entity delivered a message on-chain, demanding Rho Markets establish a plan to address software issues that allowed it to siphon away a hefty sum of crypto.
“We understand that the funds belong to users and are willing to fully return,” the entity wrote. “But first we would like you to admit that it was not an exploit or a hack, but a misconfiguration on your end.”
Rho Markets, which exists on the Ethereum scaling network Scroll, warned on Twitter (aka X) hours before that its platform had been paused. Investigating reports of unusual activity, the project holding $40 million in crypto assets shut activity down swiftly.
A Rho Market dashboard indicated at the time that a total of $1.1 million and $2.3 million worth of the stablecoins Tether and USDC had been “borrowed” on the platform in amounts exceeding their listed supply. The same could be said of wstETH, a wrapped version of Lido-staked Ethereum, of which $6 million had been borrowed.
On Twitter, Scroll instructed users to “temporarily revoke all approvals,” preventing decentralized applications from accessing users’ funds. Before that, the account stated that Scroll had temporarily delayed the network’s finalization, suggesting that transactions on the network would take extra time to process.
According to the entity that swiped users’ funds, price oracles that communicate crypto prices to Rho Markets’ protocol were improperly implemented. The apparent error enabled a bot to order transactions in a profitable way.
An hour after the entity put forth its on-chain demands, around $7.6 million worth of Ethereum linked to the exploit was transferred to a different wallet.
Scroll nor Rho Markets immediately responded to a request for comment from Decrypt.
Rho Markets wrote in the aftermath that it would take “three meticulously planned steps”: assessing which accounts were supplying funds when its oracle broke, replenishing funds in the affected areas, and reinstating its normal lending functions.
“Rest assured, our team is diligently executing these steps to reinstate normalcy,” the project added, emphasizing its goal to “safeguard the interests of our valued users.”
Dear Rho Fams,
We are thrilled to announce that the issue has been successfully resolved, no fund get LOST, and we are currently in the process of reassigning funds back to the borrow pools.
Moving forward, we have outlined the following three meticulously planned steps in… pic.twitter.com/4ZhlpxhBmn
— Rho Markets📜 | Rho.scroll (@RhoMarketsHQ) July 19, 2024
The crypto sleuth ZachXBT had written on Twitter that “there’s a good probability” the funds would get recovered because the entity responsible for Friday’s exploit has “a ton of exposure to centralized exchanges.” As that would make it easier for law enforcement to identify the would-be attacker, he said the entity was likely taking an ethical approach.
While $7.6 million is a significant sum, it’s still a small slice of the overall assets locked within decentralized applications on Scroll, which have swelled to around $640 million from $174 million a month ago, according to DefiLlama data.
The scaling solution for Ethereum launched its public mainnet last October. Several months before, Scroll’s creators raised $50 million in an undisclosed funding round led by Polychain Capital, according to CryptoRank.
Friday wasn’t the first time an Ethereum scaling network has been impacted amid concerns over users’ lost crypto. Last month, Linea froze all transactions on its network to prevent attackers from stealing more crypto from the decentralized exchange Velcore. It worked.
Edited by Ryan Ozawa.