The liquidity layer and lending protocol Rho Markets, built on the Ethereum Layer 2 network Scroll, announced on Friday (19th) that it has temporarily suspended its platform operations due to the detection of abnormal activities. A cybersecurity agency claimed that Rho Markets has been exploited with vulnerabilities, potentially resulting in losses exceeding $7.6 million. However, this does not seem to be a hacking incident, as the “attacker” has expressed willingness to return the funds through on-chain messages.
Blockchain security company Cyvers stated on a social media platform that Rho Markets’ decision to suspend platform operations seems to be due to a malicious actor gaining control over the oracle access. The affected liquidity pools involve USD stablecoins such as USDC and USDT. Currently, the attacker holds assets worth $7.6 million on multiple chains.
The Scroll team has also become aware of potential vulnerabilities in its ecosystem and stated on platform X that…
Shortly after, on-chain investigator ZachXBT mentioned that the attacker sent a message on the chain. According to the contents, the attacker seems to be not a hacker.
The actor behind this incident stated that their MEV (Maximal Extractable Value) robot has profited from the improper configuration of Rho Market’s oracle. They said, “We understand that these funds belong to users and are willing to return them in full,” but they expect Rho Market to acknowledge that this incident is not an exploit or hacking activity, but rather due to the improper configuration of the platform. They also requested Rho Market to explain how to prevent similar incidents from happening again.
Source:
ZachXBT
Subsequently, Yu Xian, the founder of internet security company SlowMist, stated that Rho Markets has almost fully returned the 2,203 ETH that was taken away by a certain MEV robot due to the oracle issue.
There were also some episodes in this incident. Some individuals in the cryptocurrency community questioned Scroll’s halt of the chain and claimed that this action goes against the core values of “permissionless” and “censorship resistance” of blockchain.
Later, Ye Zhang, co-founder of Scroll, responded, stating that it was just a delay in final confirmation to investigate whether the incident was related to the protocol’s security. The chain was not suspended and has been operating as usual. Even with the delay, the final confirmation time was still within a normal range (about 30 minutes). Ye Zhang also mentioned, “In the next phase of the decentralized process, we will not be able to do this; it is still ongoing.”
