MCCN Exploit Update
Loss:
Approx ~$4.9mm USD was taken in the exploit, far less than the intitial figures posted earlier. A granular breakdown is being developed by the community.
Method:
ETH Bifrost was tricked using a custom wrapper to read a deposit amount of 200 when it was actually zero. More details will be provided in the upcoming post mortem blog.
Discovery:
The issue was discovered by a community dev and anonymous nodes voluntarily used
Recovery:
1. Release the patch & restart the network > block pending outbounds > restore solvency.
2. Donate funds back to the ETH pool to restore lost funds to LPs
3. Release auto-solvency checker as a future preventative measure
4. Continue working with security firms to audit.
This is a disappointing moment for all, but LPs and Nodes should be unaffected after all is recovered (the funds will be restored). The network will be stronger and more resilient.
The THORChain community appreciate the inflow of support. More info to come in due course.
Loss:
Approx ~$4.9mm USD was taken in the exploit, far less than the intitial figures posted earlier. A granular breakdown is being developed by the community.
Method:
ETH Bifrost was tricked using a custom wrapper to read a deposit amount of 200 when it was actually zero. More details will be provided in the upcoming post mortem blog.
Discovery:
The issue was discovered by a community dev and anonymous nodes voluntarily used
make halt command to stop their nodes. Once more than 1/3rd nodes had been halted, the network itself was halted. This was a decentralized action taken by node operators to protect the network.Recovery:
1. Release the patch & restart the network > block pending outbounds > restore solvency.
2. Donate funds back to the ETH pool to restore lost funds to LPs
3. Release auto-solvency checker as a future preventative measure
4. Continue working with security firms to audit.
This is a disappointing moment for all, but LPs and Nodes should be unaffected after all is recovered (the funds will be restored). The network will be stronger and more resilient.
The THORChain community appreciate the inflow of support. More info to come in due course.
THORChain Announcements pinned «MCCN Exploit Update Loss: Approx ~$4.9mm USD was taken in the exploit, far less than the intitial figures posted earlier. A granular breakdown is being developed by the community. Method: ETH Bifrost was tricked using a custom wrapper to read a deposit amount…»
Post-mortem: ETH Router Exploits 1 & 2, and premature Return To Trading Incident
* The exploits
* Fixes and network response
* 5 Pronged Recovery Plan.
* Liabilities and Treasury
* Mainnet
Read more:
https://medium.com/thorchain/post-mortem-eth-router-exploits-1-2-and-premature-return-to-trading-incident-2908928c5fb
* The exploits
* Fixes and network response
* 5 Pronged Recovery Plan.
* Liabilities and Treasury
* Mainnet
Read more:
https://medium.com/thorchain/post-mortem-eth-router-exploits-1-2-and-premature-return-to-trading-incident-2908928c5fb
Medium
Post-mortem: ETH Router Exploits 1 & 2, and premature Return To Trading Incident
The ETH Router Exploit 1 & 2, Premature Trading, fixes and network response, as well as the 5 Pronged Response.
Hardening the THORChain Protocol
Steps taken to make THORChain more resilient to attacks and network uncertainty.
* Automatic Solvency Checker
* Granular Network Pause Controls
* Node Timeouts
* Outbound Throttling
* Node Broadcast Bot
* Live Monitoring
https://medium.com/thorchain/hardening-the-thorchain-protocol-f80164de7685
Steps taken to make THORChain more resilient to attacks and network uncertainty.
* Automatic Solvency Checker
* Granular Network Pause Controls
* Node Timeouts
* Outbound Throttling
* Node Broadcast Bot
* Live Monitoring
https://medium.com/thorchain/hardening-the-thorchain-protocol-f80164de7685
Medium
Hardening the THORChain Protocol
Steps taken to make THORChain more resilient to attacks and network uncertainty.
Monthly Treasury Report - July&August 2021
The treasury comprises of $194m, funding protocol development, liquidity and paying out to community grants. Liabilities have been secured. The protocol has 180m in RUNE reserves. Planned Obsolescence July 2022.
https://medium.com/thorchain/monthly-treasury-report-july-august-2021-b6ffb7b29268
The treasury comprises of $194m, funding protocol development, liquidity and paying out to community grants. Liabilities have been secured. The protocol has 180m in RUNE reserves. Planned Obsolescence July 2022.
https://medium.com/thorchain/monthly-treasury-report-july-august-2021-b6ffb7b29268
Medium
Monthly Treasury Report — July&August 2021
The treasury comprises of $194m, funding protocol development, liquidity and paying out to community grants. Liabilities have been secured…
Quarterly Treasury Report - Q3 2021
The treasury comprises of $273m, funding protocol development, liquidity and paying out to community grants. Liabilities have been secured. The protocol has $2.5bn in RUNE reserves. Planned Obsolescence July 2022.
https://medium.com/thorchain/monthly-treasury-report-q3-2021-188467360556
The treasury comprises of $273m, funding protocol development, liquidity and paying out to community grants. Liabilities have been secured. The protocol has $2.5bn in RUNE reserves. Planned Obsolescence July 2022.
https://medium.com/thorchain/monthly-treasury-report-q3-2021-188467360556
Medium
Quarterly Treasury Report — Q3 2021
The treasury comprises of $273m, funding protocol development, liquidity and paying out to community grants. Liabilities have been secured…
Who let the DOGE out?
Devs solved the DOGE imbalance pricing; open for community to add LP.
Note: DOGE pool depth is low right now. Recommended to add LP symmetrically.
Swap or add asym at your own risk.
Devs solved the DOGE imbalance pricing; open for community to add LP.
Note: DOGE pool depth is low right now. Recommended to add LP symmetrically.
Swap or add asym at your own risk.
Reminder! Please withdraw all Binance Beacon Chain (BEP2): Liquidity Pools (LP) positions, Synths and Savers before 29-Feb.
After that, Ragnarok (auto-refund) will be on best-effort basis only.
After that, Ragnarok (auto-refund) will be on best-effort basis only.
ADR12 has passed.
CR 200% already implemented.
6pm RUNE burn will be in v1.128. ETA possibly 1-3 weeks.
https://gitlab.com/thorchain/thornode/-/blob/develop/docs/architecture/adr-012-scale-lending.md?ref_type=heads
CR 200% already implemented.
6pm RUNE burn will be in v1.128. ETA possibly 1-3 weeks.
https://gitlab.com/thorchain/thornode/-/blob/develop/docs/architecture/adr-012-scale-lending.md?ref_type=heads
GitLab
docs/architecture/adr-012-scale-lending.md · develop · THORChain / THORNode · GitLab
THORChain is a CosmosSDK state machine for decentralised liquidity on UTXO, EVM and BFT chains, supporting both ECDSA and EDDSA protocols. The protocol is attached to a signing-engine...
THORChain is currently not processing AVAX transactions due to a global outage of Avalanche C-Chain.
https://x.com/pluto9r/status/1761016104258806065
https://x.com/pluto9r/status/1761016104258806065
X (formerly Twitter)
Pluto (9R) (@Pluto9r) on X
THORChain is currently not processing $AVAX transactions due to a global outage of Avalanche C-Chain.
Forwarded from THORChain Alerts
✅ Heads up! Trading is resumed on the AVAX chains!
Final call for LP/Savers/Synths withdrawal for BEP2 assets on @THORChain. Still $6.75m worth in the pools.
BEP2 halt, then best effort Ragnarok will happen imminently. Even swaps to/from BEP2 should be conducted with caution. Just don’t touch it anymore, please. 🙏💚⚡️
BEP2 halt, then best effort Ragnarok will happen imminently. Even swaps to/from BEP2 should be conducted with caution. Just don’t touch it anymore, please. 🙏💚⚡️
Forwarded from THORChain Alerts
🚨🚨🚨 Attention! Trading is halted on the ETH chain! Refrain from using it until the trading is restarted! 🚨🚨🚨
Standing $50k Bounty To Call a Pause
There is now a standing $50k bounty to any community member that is first to find a suspicious transaction and ask a node to
False positives not paid; but will not attract criticism.
> halt early, halt often
The protocol is complex and there are many edge cases devs simply cannot plan for. The community is the first and last line of defence.
There is now a standing $50k bounty to any community member that is first to find a suspicious transaction and ask a node to
make pause "recommend pause now" "can a node pause please" etcFalse positives not paid; but will not attract criticism.
> halt early, halt often
The protocol is complex and there are many edge cases devs simply cannot plan for. The community is the first and last line of defence.