The entity behind a bot that extracted $7.6 million from Rho Markets last week has returned the funds to the liquidity and lending protocol deployed on the rollup chain Scroll. While first reported that a bug in an oracle contract allowed an attacker to walk away with the funds, it was a bot that conducted an MEV (maximum extractable value) attack. That occurred due to the reported issue with the oracle.
The attacker also left an on-chain message on the transaction siphoning the funds, reading, “We understand that the funds belong to users and are willing to fully return. But first, we would like you to admit that it was not an exploit or a hack but a misconfiguration on your end.”
Over the weekend, Rho Markets took to X to announce, “We have successfully completed the fund allocation,” talking about moving all the assets back into the protocol’s pools. “The protocol is now officially back online,” the post continued to read.
In another post, Rho Markets emphasized its willingness to increase security measures to prevent such occurrences from repeating, “We will introduce more third-party partners to enhance security measures, including on-chain data monitoring and smart contract audits. Additionally, we will strengthen internal security measures such as multiple internal reviews and rigorous simulation environment testing before going live on the mainnet.”
As the attacker returned the funds on the same day of the exploit, Rho Markets began working on reinstating the protocol, which was paused to prevent additional funds from leaving the platform. It mentioned a phased approach to going back live, including repaying accounts identified to be attacked during the hack, refilling drained liquidity pools, and finally resuming the borrowing and transfer features.
The attack happened on a scary week for crypto protocols and service providers. LI.FI was the victim of a $10 million exploit, and WazirX suffered a hack that stole over $230 million.
