July has been a volatile month for the multi-chain DeFi project Thorchain.
In the past two weeks, the project has fallen to two major hacks, which saw its native token, RUNE, fall from a local high of $7.61 down to below $4.
During the second exploit, the attacker also left a note that they could’ve easily made off with much more. Instead, they “wanted to teach [a] lesson” to the Thorchain developers.
The team scrambled to gather additional reviews from their audit partners, specifically Trail of Bits and Halborn Security, launch a $500,000 bug bounty program with ImmuneFi, and even make plans to establish insurance measures for any future breaches.
They also reported that they hosted “over 20 white hat security specialists for a Thorchain code walkthrough,” indicating that “there are more shadowy super coders working on security than core [developers] building.”
Overwhelming support to enhance @THORChain
– @trailofbits audit
– @HalbornSecurity audit + 6 FT engineers
– @immunefi bug bounty program @ninerealms_cap ($500K program)
– Insurance planned @NexusMutual, @CoverProtocol, @riskharbor, @riskharbor
– Everyone’s eyes on the code
— Tom Shaughnessy ? (@Shaughnessy119) July 28, 2021
With so many eyes on the code, investors now appear much more confident in the project’s security. At press time, RUNE has exploded by 36.3% in the past 24 hours, making it the biggest gainer for the top 100 cryptocurrencies, according to CoinGecko.
Thorchain is a decentralized exchange, akin to Uniswap, that’s built on the Cosmos blockchain. By using Cosmos’ multi-chain capabilities, Thorchain allows traders to swap cryptocurrencies even if they aren’t the same token standard. This is possible without Thorchain, of course, but you would need the help of a custodian such as Coinbase. The DeFi project instead decentralizes this exchange through its “Chaosnet” capability launched in April.
Chaosnet has, however, been the primary vulnerability behind the latest string of hacks, with some commentators saying the feature was rolled out too quickly. “The project needs to slow down,” said ShapeShift founder Erik Voorhees. “Time to take the tortoise strategy.”
After pausing the network and recouping, it now appears the tortoise strategy has paid off handsomely.