Rho Markets, a Scroll-based money market, suffered an exploit that resulted in a loss of over $7.5 million.
"We've detected unusual activity on our platform and are currently investigating it," the team announced on its X account.
Exploit Mechanics
The attacker exploited a vulnerability in Rho Markets’ oracle system. Oracles are critical as they provide off-chain data to smart contracts. By manipulating the oracle, the hacker drained the protocol’s entire supply of USDT and USDC stablecoins. They withdrew more than double the posted collateral in Ether.
Blockchain security firm Cyvers initially suspected ‘Oracle access control by a malicious actor’ as the root cause. This was later confirmed by BlockSec, which noted a strange ownership transfer of the Oracle contract. On-chain detective ZachXBT suggested there was a high probability of fund recovery due to the attacker’s exposure to centralized exchanges.
Hacker's Demands
"Hello RHO team, our MEV bot has profited from your price oracle misconfiguration. We understand that the funds belong to the users and are willing to fully return. But first we would like you to admit that it was not an exploit or a hack, but a misconfiguration on your end. Also, please provide what you are going to do to prevent it from happening again."
Recently, Rho Markets announced on Twitter that the incident has been resolved and funds will be reallocated back to borrow pools soon.
Rho Markets📜 | Rho.scroll (@RhoMarketsHQ), July 19, 2024:
Dear Rho Fam,
We are pleased to inform you that the incident has been successfully resolved.
🔸We are currently in the process of reallocating funds back to the borrow pools. Rest assured, a comprehensive postmortem report will be shared with the community in due course.
🔸In…