Decentralized exchange aggregator THORSwap has announced a reward offer following a breach where approximately $1.2 million in assets was stolen.
Reward Program Launched Post-Attack
THORSwap reached out to the attacker via a blockchain message, offering a reward for the return of the assets. The message stated that legal proceedings would not be initiated if the stolen coins were returned within 72 hours. Initially reported by blockchain security firm PeckShield as a breach of the THORChain protocol, it was later clarified that the attack targeted an individual wallet. THORSwap CEO Paper X confirmed the incident, emphasizing that the protocols remained unharmed, and only a personal wallet was compromised.
Details of the Attack
Blockchain analyst ZachXBT suggested that the attack might have targeted Thorbjornsen’s personal wallet. The assailant managed to steal approximately $1.03 million in Kyber Network altcoins and $320,000 in THORSwap coins. A significant portion of the stolen assets was converted into Ethereum and transferred to another address. The breach’s origin was a fake Zoom link sent via the compromised Telegram account of Thorbjornsen’s friend. Through this link, access was obtained to the founder’s old MetaMask wallet.
Security Lessons from the Incident
In the aftermath, Thorbjornsen emphasized the need for additional security measures for wallet protection, highlighting the significance of threshold signature-based wallets. This system divides the private key into several parts, stored across different devices, preventing an unauthorized full access to the assets with just one key.
The incident of asset theft highlights the importance of maintaining security measures in the cryptocurrency space, especially concerning personal wallets.
