Why the “indivisible” crypto key still managed to collect the attacker.
Cryptocurrency platform THORGAinerated the network has suspended the network after an attack that is supposedly associated with vulnerability in the key control mechanism. The attacker could gradually collect fragments of data and restore the private storage key to withdraw funds without the permission of the network operators.
The developers сообщилиsaid that the suspicion was caused by one of the recently connected nodes of the network. Experts found a link between Ethereum addresses from which RUNE tokens were bought and blocked to launch the node and addresses to where the stolen funds were later transferred. According to the current version, the attack was organized by one operator, although the investigation is ongoing.
The main version is related to the implementation of the GG20 TSS protocol. The mechanism should distribute parts of the key among several members of the network so that no one owns the full key as a whole. However, the vulnerability probably allowed the attacker to gradually receive fragments of classified data from the storage participants. Having accumulated enough information, the attacker was able to restore the private key and conduct unauthorized transactions.
After the incident, several operators of the nodes were emergency stopped by the network. Now THORChain is on pause. The developers admit that in about 12 hours will resume transfers RUNE and blockchain surveillance if operators do not make a different decision. Trading operations, actions with liquidity pools and signing transactions will remain unavailable.
The project team, along with THORSec and Outrider Analytics, continues to investigate and collect data to analyze the attack. THORChain also coordinates with law enforcement to identify the attacker and try to recover the stolen funds.
Now the community is discussing how to cover the damage. Among the proposals is to write off the pledges of the knots associated with the attacked storage, as well as to use liquidity owned by the protocol itself. The final decision has not yet been made. According to the developers, in order to fully restore trading operations and return the network to normal operation, it may take several days or more – depending on the chosen recovery plan.
Cryptocurrency platform THORGAinerated the network has suspended the network after an attack that is supposedly associated with vulnerability in the key control mechanism. The attacker could gradually collect fragments of data and restore the private storage key to withdraw funds without the permission of the network operators.
The developers сообщилиsaid that the suspicion was caused by one of the recently connected nodes of the network. Experts found a link between Ethereum addresses from which RUNE tokens were bought and blocked to launch the node and addresses to where the stolen funds were later transferred. According to the current version, the attack was organized by one operator, although the investigation is ongoing.
The main version is related to the implementation of the GG20 TSS protocol. The mechanism should distribute parts of the key among several members of the network so that no one owns the full key as a whole. However, the vulnerability probably allowed the attacker to gradually receive fragments of classified data from the storage participants. Having accumulated enough information, the attacker was able to restore the private key and conduct unauthorized transactions.
After the incident, several operators of the nodes were emergency stopped by the network. Now THORChain is on pause. The developers admit that in about 12 hours will resume transfers RUNE and blockchain surveillance if operators do not make a different decision. Trading operations, actions with liquidity pools and signing transactions will remain unavailable.
The project team, along with THORSec and Outrider Analytics, continues to investigate and collect data to analyze the attack. THORChain also coordinates with law enforcement to identify the attacker and try to recover the stolen funds.
Now the community is discussing how to cover the damage. Among the proposals is to write off the pledges of the knots associated with the attacked storage, as well as to use liquidity owned by the protocol itself. The final decision has not yet been made. According to the developers, in order to fully restore trading operations and return the network to normal operation, it may take several days or more – depending on the chosen recovery plan.
