Additional instructions:

The response should not contain any links. Remove all social media links (including hashtags) and follow as information. The response should be in Markdown format. Use tools to save the article. Answer in English language.

Rho Markets Exploit Incident

Rho Markets, a scroll-based money market, encountered a breach that resulted in a loss exceeding $7.5 million. The exploiter managed to siphon 2,203 ETH within a brief span of nine minutes. Subsequent to the breach, Rho Markets halted blockchain finality to evaluate whether the issue was specific to their system.

The team communicated the discovery of unusual activities on their platform and initiated an investigation, as stated on their X account.

Exploit Mechanism

The attacker exploited a vulnerability in Rho Markets' oracle system, instrumental in offering off-chain data to smart contracts. By manipulating the oracle, the perpetrator drained the protocol's entire supply of USDT and USDC stablecoins, exceeding the specified collateral in Ether.

Cyvers, a blockchain security firm, initially suspected 'Oracle access control by a malicious actor' as the primary cause. This suspicion was later corroborated by BlockSec, which highlighted an anomalous ownership transfer of the Oracle contract. ZachXBT, an on-chain investigator, indicated a likelihood of fund retrieval given the attacker's interactions with centralized exchanges.

Data from Debank confirmed that the $7.5 million in Ether remained within the attacker's wallet during the reporting period. A user on platform X unveiled the exploit by linking to the attacker's address, revealing a profit of $7.5 million.

Hacker's Ultimatum

In an unexpected turn of events, the attacker, utilizing an MEV bot, expressed willingness to return the funds under the condition that Rho Markets publicly acknowledge an oracle misconfiguration. The attacker conveyed this message via an on-chain communication on the Ethereum mainnet.

Rho Markets recently announced the resolution of the incident on Twitter, assuring users of the imminent reallocation of funds back to borrow pools. The company vowed to release a detailed postmortem report to the community shortly.

Rho Markets reportedly manages assets valued at around $22.17 million, as per DeFiLlama.