Rho, the lending protocol officially supported by the Ethereum layer-2 protocol Scroll, was hacked today.
The attack significantly impacted USDC and USDT pools, and the attacker currently holds approximately $7.6 million in funds across multiple chains.
Attackers Who Hacked Rho Say They Are Ready to Refund Users' Money in the On-Chain Message They Published
The attack appears to have been caused by a malicious actor gaining access and control over Oracle. “Our MEV bot profited from the misconfiguration of your price oracle. We understand that the funds belong to the users and we are ready to refund them in full,” the attacker said. said.
The Scroll team responded quickly after learning about the potential vulnerability in their ecosystem. “Scroll was made aware of a potential vulnerability in our ecosystem. After verifying with the Rho Market team, we initiated a coordinated response,” the developers said.
In order to thoroughly evaluate the situation, Scroll decided to temporarily postpone the finalization of its chain. The team also confirmed that the vulnerability in question was application-specific and not a systemic problem in the Scroll protocol.
*This is not investment advice.