Ethereum layer-2 network Scroll has encountered a setback in its chain finalization process due to a potential exploit within its system. The issue came to light on July 19 when Rho Markets, a lending protocol on the blockchain, detected unusual activity and decided to suspend operations for further investigation.
Cyvers Alert, a blockchain security firm, reported a hack of around $7.6 million on Rho Markets’ USDC and USDT pools. The firm pointed out that the incident was likely caused by a malicious actor exploiting oracle access control. The exploiter’s wallet was found to contain 2,203 ETH valued at $7.5 million, as well as other assets like Mantle’s MNT, Binance’s BNB, and Fantom’s FTM tokens.
In response to the hack, Scroll Network made the decision to delay its chain finalization process. The project explained that after consulting with the Rho Markets team, they chose to temporarily postpone the finalization to thoroughly assess the situation. It was confirmed that the exploit was specific to the application.
The delay in chain finalization raised questions about Scroll Network’s decentralization. Critics argued that the move contradicted decentralized principles, while supporters believed it was necessary to safeguard users’ assets. Andy, the co-founder of The Rollup, expressed his opinion that pausing state finalization to prevent loss of user funds was the right decision, especially for an ecosystem project striving to innovate.
Interestingly, the attacker behind the hack has shown willingness to return the stolen funds, leading to speculation that the incident may have been a whitehat act. On-chain messages shared by blockchain investigator ZachXBT revealed the attacker’s offer to return the funds under the condition that Rho Markets acknowledged the misconfiguration as their own fault, not a deliberate exploit. The attacker also requested an explanation on how such incidents could be prevented in the future.
It is worth noting that the attacker’s address is associated with several centralized crypto exchanges, including Binance, Gate, KuCoin, and OKX. This development adds another layer of complexity to the situation.
Overall, the incident involving Scroll Network and Rho Markets highlights the importance of robust security measures in the blockchain ecosystem. The ongoing debate about decentralization and the actions of the attacker continue to be topics of interest within the crypto community.