Cross-chain liquidity protocol THORChain has fully recovered from two summer exploits that compromised millions of dollars in user funds. The company announced Thursday that it had received passing grades in a new security audit.
The simultaneous audits, which were carried out by cybersecurity companies Trail of Bits and Halborn, allowed THORChain to implement a five-step recovery plan. THORChain’s contributors now say the protocol is fully operational after a restart brought all the major cryptocurrency integrations and cross-chain trading features back online.
In addition to the audit, THORChain announced that it has commissioned Immunefi, a leading bug bounty platform for the DeFi sector, with a bounty program to identify new vulnerabilities as they arise.
The launch of THORChain earlier this year came with much fanfare, as it marked an important evolution in decentralized exchanges. In July, however, the platform suffered two multi-million-dollar security breaches, the first being a $7.6 million Ether (ETH) exploit that generated significant backlash. As Cointelegraph reported, network activity was halted as developers investigated the extent of the damage.
Roughly one week later, a white hat attacker drained the protocol of roughly $8 million worth of ETH, but would later request a 10% bounty for returning the funds. The two thefts capped off a horrible month for THORChain, with even its biggest supporters calling for a slowdown in project ambitions.
Thorchain has had a horrible month, not going to sugar coat it. Bleh— Erik Voorhees (@ErikVoorhees) July 23, 2021
The project needs to slow down. Time to take the tortoise strategy.
Regardless, I remain a committed supporter, and am glad these issues are being discovered during chaosnet. https://t.co/gcWCyFYuTI
Security breaches are nothing new for the cryptocurrency market, with DeFi emerging as a popular attack vector for cybercriminals. According to industry sources, roughly $1.2 billion has been lost to DeFi exploits. That figure omits the recent nine-figure exploit of Cream Finance, which suffered a major flash loan hack on Wednesday.