The company has offered the attacker responsible for a $573,000 exploit against multichain token bridge Allbridge the chance to go white-hat and claim a bounty.
Blockchain security company peckshield first identified the attack on April 1, warning Allbridge in a tweet that the swap price of their BNB Chain pools was being manipulated by an individual acting as a liquidity provider and swapper, who was able to empty the pool of $282,889 in Binance USD (BUSD) and $290,868 in Tether (USDT).
In a tweet Posted on April 1st after the hack, Allbridge offered the attacker a peace offering in the form of an undisclosed reward and the chance to escape any legal ramifications.
To hacker’s attention: addressing the incident and the next steps
1. We continue to monitor the wallets, transactions, and linked CEX accounts of individuals involved in the hack.
—Allbridge (@Allbridge_io) April 2, 2023
To the attention of the hacker: Addressing the incident and next steps. 1. We continue to monitor the wallets, transactions, and linked CEX accounts of the individuals involved in the hack.
“Please, Please contact us via official channels (Twitter/Telegram) or send a message via tx, so we can consider this a white-hat hack and discuss the reward in exchange for returning the funds,” Allbridge wrote.
In another series of tweets, Allbridge made it clear that they’re on the trail of the stolen funds.
With the help of its “partners and community,” Allbridge said it is “tracking down the hacker throught social media.”
“We continue to monitor the wallets, transactions, and linked CEX accounts of the individuals involved in the hack,” it added.
Allbridge also stated that it is working with law firms, law enforcement and other projects affected by the exploit.
According to Allbridge, their bridge protocol has been temporarily suspended to prevent potential exploits from their other pools.; once the vulnerability is patched, it will be rebooted.
5/ The bridge has been temporarily suspended to prevent the potential exploits of the other pools. We will restart it once the vulnerability has been patched.
—Allbridge (@Allbridge_io) April 2, 2023
5/ The bridge has been temporarily suspended to prevent possible exploits from the other pools. We will restart it once the vulnerability is patched.
“Besides, we are in the process of rolling out a web interface for liquidity providers to withdraw assets,” he added.
Blockchain security company CertiK offered an in-depth breakdown of the hack in a post on April 1, identifying the method used as a flash loan attack.
CertiK explained that The attacker obtained a BUSD flash loan valued at $7.5 million and then initiated a series of USDT swaps before making the deposits into the Allbridge BUSD and USDT liquidity pools. This manipulated the price of USDT in the pool, allowing the hacker to swap $40,000 of BUSD for 789,632 USDT.
according to a tweet March 31, PeckShield, in March 26 crypto projects were hacked, resulting in total losses of $211 million.
#PeckShieldAlert ~26 exploits grabbed $211.5M in March 2023.
Regarding the @eulerfinance exploit, the estimated loss is $197M. The exploiter has returned 84,963.4 $ETH (~$152.8M) and 29.9M $DAI to the Deployer, and he has already transferred 1,100 $ETH to Tornado Cash pic.twitter.com/kf2Ul4uIun— PeckShieldAlert (@PeckShieldAlert) March 31, 2023
#PeckShieldAlert: Approximately 26 exploits seized $211.5 million in March 2023. Regarding the @eulerfinance exploit, the estimated loss is $197 million. The exploiter has returned 84,963.4 ETH (~$152.8 million) and 29.9 million DAI to Deployer, and has already transferred 1,100 ETH to Tornado Cash
The Euler Finance hack on March 13 was responsible for more than 90% of the losses, while other expensive exploits were suffered by projects like Swerve Finance, ParaSpace and TenderFi.
Cointelegraph has reached out to Allbridge for comment on the situation, but has not received a response by press time.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.