Ethereum Layer-2 Network Scroll Delays Chain Finalization Due to Potentially Exploitable Bug
Ethereum layer-2 network Scroll has delayed its chain finalization due to a potentially exploitable bug within its ecosystem.
Rho Markets Detects Unusual Activity and Suspends Operations
On July 19, Rho Markets, a lending protocol on the blockchain, detected unusual activity and suspended operations to investigate.
Blockchain Security Firm Reports Hack of Approximately $7.6 Million
Blockchain security firm Cyvers Alert reported a hack of approximately $7.6 million on Rho Markets’ USDC and USDT pools. The firm stated:
“The root cause of this incident seems to be an oracle access control by a malicious actor!”
Exploiter’s Wallet Holds 2,203 ETH Worth $7.5 Million and Other Assets
According to DeBank’s dashboard, the exploiter’s wallet holds 2,203 ETH worth $7.5 million and other assets like Mantle’s MNT, Binance’s BNB, and Fantom’s FTM tokens.
Scroll Network Delays Chain Finalization to Assess the Situation
In response, Scroll Network stated that it was delaying its chain finalization. The project stated:
“After verifying with the Rho Markets team, we initiated a coordinated response. To thoroughly assess the situation, Scroll decided to temporarily delay chain finalization. We confirmed that the exploit was application-specific.”
Debate About Decentralization and Chain Finalization
Meanwhile, Scroll’s decision sparked a debate about the network’s decentralization. Critics argue that delaying the chain contradicts decentralized principles, while supporters believe the move was necessary to protect users’ assets.
Andy, the co-founder of The Rollup, stated:
“Until things are close to being maximally decentralized I think pausing state finalization to prevent user funds being lost is right. Especially an ecosystem project who is trying to innovate. I don’t know what this says about Scroll’s censorship resistance though.”
Whitehat Hacker?
Meanwhile, the attacker appears willing to return the stolen funds, leading to speculations that the incident might be a whitehat act.
On-chain messages shared by blockchain investigator ZachXBT show the attacker’s willingness to return the funds. The message reads:
“Hello RHO team, our MEV bot profited from your price oracle misconfiguration. We understand the funds belong to users and are willing to fully return them. But first, we would like you to admit it was a misconfiguration, not an exploit or hack. Also, please explain how you will prevent this from happening again.”
Notably, on-chain data shows the attacker’s address is linked to several centralized crypto exchanges, including Binance, Gate, KuCoin, and OKX.
Conclusion
The incident highlights the importance of security and vigilance in the blockchain ecosystem. While Scroll Network’s decision to delay chain finalization may have been necessary to protect users’ assets, it also raises questions about the network’s decentralization and censorship resistance. The incident also raises questions about the identity and motivations of the attacker, with some speculating that it may be a whitehat hacker.
FAQs
Q: What is the Ethereum layer-2 network Scroll?
A: Scroll is an Ethereum layer-2 network that aims to improve the scalability and usability of the Ethereum blockchain.
Q: What is the issue with Rho Markets?
A: Rho Markets, a lending protocol on the blockchain, detected unusual activity and suspended operations to investigate. Blockchain security firm Cyvers Alert reported a hack of approximately $7.6 million on Rho Markets’ USDC and USDT pools.
Q: What is the impact of the hack on Scroll Network?
A: Scroll Network delayed its chain finalization to assess the situation and protect users’ assets. The decision sparked a debate about the network’s decentralization and censorship resistance.
Q: Is the attacker a whitehat hacker?
A: The attacker appears willing to return the stolen funds, leading to speculations that the incident might be a whitehat act. However, the true identity and motivations of the attacker remain unknown.
Q: What is the significance of the incident?
A: The incident highlights the importance of security and vigilance in the blockchain ecosystem. It also raises questions about the decentralization and censorship resistance of Scroll Network and the motivations of the attacker.
