Rho Markets, a decentralized lending protocol built on the Scroll blockchain, halted operations after a security incident that compromised its USDC and USDT pools.
Blockchain security firm Cyvers initially reported that the attacker had gained access and control of Rho’s oracle and had siphoned $7.6 million from the protocol. The Scroll team also opted to briefly delay the finalization of the blockchain as it assessed the situation.
Security researchers pointed to the exploiter’s exposure to a number of centralized exchanges as a good sign that fund could be recovered, or that the attack itself was orchestrated by a white-hat hacker.
Sure enough, the attackers sent an onchain message to the Rho Markets team, saying that maximal extractable value (MEV) bot in their possession had profited from the oracle misconfiguration.
“We understand that the funds belong to users and are willing to fully return. But first we would like you to admit that it was not an exploit or a hack, but a misconfiguration on your end. Also, please provide what you are going to do to prevent it from happening again,” said the Rho exploiters.
A few hours later, the Rho Markets team announced that no funds had been lost from the incident and that the protocol was in the process of reallocating funds to the impacted borrow pools.
The incident comes after more than $230 million was stolen from major Indian crypto exchange WazirX. The attackers, allegedly linked to North Korean cybercrime group Lazarus, has already converted $200 million worth of the stolen funds to ether, according to blockchain wallet tracker Spot On Chain.