It has been reported that ThorChain revised the initial estimate that 13,000 ETH (worth $25.1 million) had been stolen, down to 4,000 ETH ($7.6 million) as a ballpark for damages. A subsequent, community-provided rundown of stolen assets suggests the figure is closer to $ 6 million.
However, in the ThorChain community Telegram channel, administrators have indicated the project has the funds needed to cover users’ stolen assets but articulated a preference for the hacker to return the stolen funds in exchange for a bug bounty.
A Telegram post stated:
“While the treasury has the funds to cover the stolen amount, we request the attacker get in contact with the team to discuss return of funds and a bounty commensurate with the discovery. User funds will be available when the issue has been patched & the network resumes.”
The report said that ThorChain has since tweeted that its preliminary roadmap to recovery is underway, announcing that after the vulnerability is patched and the network restarted, Ether will be donated to liquidity provider pools to reimburse impacted users. From there, the team plans to engage security firms to have its contracts audited.
Blockchain cybersecurity firm, Halborn Security, is compiling a proposal to the ThorChain community for "Advance Persistent Protection," offering up a team of up to half a dozen "ethical security engineers working to break every update on ThorChain." Thorchain entered into its guarded "Chaosnet" launch during April, facilitating cross-chain swaps across the Bitcoin, Ethereum, Litecoin, Bitcoin Cash, and Binance Chain networks.
Chris Blec, the founder of DeFi Watch, said that the staged "raise the caps" launch of ThorChain had prevented an even greater loss of funds.
Thus, ThorChain has been targeted by hackers during its Chaosnet deployment, with the protocol losing at least $140,000 worth of assets last month.