We reported a critical loss of funds bug to @Thorchain (32M TVL, 150M FDV). They silently patched it and told us their bug bounty program is permanently retired. We have more Thorchain chain halt DoS vulns. We intend to release them (open disclosure) in the coming few days.
RT @v12sec: We reported a critical loss of funds bug to @Thorchain (32M TVL, 150M FDV) They silently patched it and told us their bug boun…
Probably a good move to take your funds off thorchain. https://x.com/v12sec/status/2061401842324820205
V12 Says THORChain Silently Patched Its Critical Bug, Then Told Researchers the Bounty Is 'Permanently Retired'
The problem is... Thorchain doesn't have a bug bounty program... so good guys are not going to look for bugs... only bad guys. There are a lot of white hats that really appreciate Thorchain's approach. Thorchain needs to pay them out so that they can feel appreciated!! Even something small!
Security firm @v12sec says it warned @THORChain about a critical fund-draining bug. THORChain patched it but told them the bug bounty is "permanently retired." Three weeks later, a near-identical flaw was exploited for $10.7M. Now the researchers say they have more, and they're going public. Re
