Ethereum layer-2 network Scroll has delayed its chain finalization due to a potentially exploitable bug within its ecosystem.
On July 19, Rho Markets, a lending protocol on the blockchain, detected unusual activity and suspended operations to investigate.
Blockchain security firm Cyvers Alert reported a hack of approximately $7.6 million on Rho Markets’ USDC and USDT pools. The firm stated:
“The root cause of this incident seems to be an oracle access control by a malicious actor!”
According to DeBank’s dashboard, the exploiter’s wallet holds 2,203 ETH worth $7.5 million and other assets like Mantle’s MNT, Binance’s BNB, and Fantom’s FTM tokens.
In response, Scroll Network stated that it was delaying its chain finalization. The project stated:
“After verifying with the Rho Markets team, we initiated a coordinated response. To thoroughly assess the situation, Scroll decided to temporarily delay chain finalization. We confirmed that the exploit was application-specific.”
Meanwhile, Scroll’s decision sparked a debate about the network’s decentralization. Critics argue that delaying the chain contradicts decentralized principles, while supporters believe the move was necessary to protect users’ assets.
Andy, the co-founder of The Rollup, stated:
“Until things are close to being maximally decentralized I think pausing state finalization to prevent user funds being lost is right. Especially an ecosystem project who is trying to innovate. I don’t know what this says about Scroll’s censorship resistance though.”
Whitehat hacker?
Meanwhile, the attacker appears willing to return the stolen funds, leading to speculations that the incident might be a whitehat act.
On-chain messages shared by blockchain investigator ZachXBT show the attacker’s willingness to return the funds. The message reads:
“Hello RHO team, our MEV bot profited from your price oracle misconfiguration. We understand the funds belong to users and are willing to fully return them. But first, we would like you to admit it was a misconfiguration, not an exploit or hack. Also, please explain how you will prevent this from happening again.”
Notably, on-chain data shows the attacker’s address is linked to several centralized crypto exchanges, including Binance, Gate, KuCoin, and OKX.