(technical community)

THORChain Team Updates

Overview

On July 22 at ~3PM PST, ~$8 million USD of ERC20 was taken

Attacker address

https://etherscan.io/address/0x8c1944fac705ef172f21f905b5523ae260f76d62#tokentxns

Attacker contract

https://etherscan.io/address/0x700196e226283671a3de6704ebcdb37a76658805

Initial discovery of attacker activity before the attack:

https://discordapp.com/channels/838986635756044328/839002619481554955/867838927620800523

Message from attacker in tx memos

    Could have taken ETH, BTC, LYC, BNB, and BEP20s if waited Wanted to teach lesson minimizing damage
    Multiple critical issues
    10% VAR bounty would have prevented this
    Disable until audits are complete
    Audits are not a nice to have
    Do not rush code that controls 9 figures

Observations

Technical