- Rho Markets saw a $7.6M exploit due to an Oracle access control vulnerability.
- The exploiter offered to return the funds only if the team admits to a misconfiguration error.
- Rho Markets has resolved the issue, with plans to restore affected balances and enhance security protocols.
An individual claiming responsibility for a $7.6 million exploit of lending protocol Rho Markets on the Scroll blockchain has offered to return the stolen funds, but with a catch. The individual is demanding that Rho Markets publicly acknowledge the incident as a misconfiguration rather than an exploit or hack.
On Friday, July 19, Rho Markets acknowledged detecting unusual activity on its system and paused operations to investigate the matter.
According to blockchain security firm Cyvers Alert, the incident resulted in a loss of approximately $7.6 million from Rho Markets’ USDC and USDT pools. The report noted that a malicious actor exploited an Oracle access control vulnerability to execute the hack.
The exploiters, meanwhile, reached out to the RHO team via an on-chain message, acknowledging that their MEV bot had taken advantage of the price oracle misconfiguration. The exploiters took responsibility for their actions, stating that they understand the funds belong to the users and are willing to return them in full.
However, they attached a condition to their offer: they want the Rho Markets team to publicly acknowledge that the incident was not an exploit or a hack but rather a misconfiguration on their end. Furthermore, the exploiter is seeking assurances from the team on what measures they will take to prevent such an incident from recurring.
Crypto detective ZachXBT called attention to the exploiter’s message in a recent post on X.
Through a subsequent update, Rho Markets disclosed that the detected issue had been successfully resolved, with “no funds lost” in the process. The team noted they are now in the process of reassigning funds back to the borrow pools and outlined a three-step plan to ensure a seamless restoration of affected balances.
This includes identifying affected accounts, replenishing funds into the USDC/USDT/wstETH pools, and reinstating borrowing and transfer functionalities with enhanced security protocols. With the situation now under control, the Rho Markets team expressed gratitude for the understanding and support of its valued users during this time.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.