bsc.news
$570K Taken From $BNB Chain Pools
The Allbridge team has pulled out all the stops to address an exploit that drained $570,000 from the bridge protocol’s $BNB Chain liquidity. That includes offering a white hat bounty to the hacker, who they say has been identified, locking the protocol’s bridge and reopening liquidity pools for users to recover their funds.
Liquidity pools update
— Allbridge (@Allbridge_io) April 3, 2023
1/ Our investigation into the hacking incident continues. We are working together with our partners and law enforcement to uncover the identity of the hacker. In addition, we have announced a white hat bounty in exchange for recovering the stolen assets.
As BSC News reported, a hacker attacked the Allbridge Core protocol’s $BUSD/USDT pools by manipulating the pool’s $BUSD price and then draining the pool funds.
🧵 Post-mortem of the liquidity pools exploit
— Allbridge (@Allbridge_io) April 2, 2023
1/ Despite our best efforts to create a safe product and work on cybersecurity, Allbridge Core liquidity pools were attacked this night.
The Allbridge team responded by closing the bridge and pursuing an investigation of the incident, aided by security entities such as PeckShield, Hacken and HAPI Labs.
“Firstly, we propose a white hat bounty for the recovered assets. Legal action will not be pursued against the white hat,” Allbridge said.
The official $BNB Chain account tweeted that, thanks to AvengerDAO, the hacker had been identified. BscScan data pinpoints a wallet labeled as “UF Dao Hacker,” stemming from a January exploit of another protocol of some $90,000.
We greatly value the support from @BNBCHAIN to assist with the recovery efforts. Special thanks to the team at AvengerDAO for helping with the investigation. Please let us know if the hacker reaches out to you to discuss the bounty. https://t.co/puIsoKzSnS
— Allbridge (@Allbridge_io) April 2, 2023
Since the exploit, the attacker has been busy sending funds to and through a variety of protocols, wallets and accounts, including Centralized Exchange hot wallets and Tornado Cash. HAPI posted a graphic showing the flow of assets.
👉 @Allbridge_io exploit has been a topic of many tweets.
— HAPI Labs | Analytics & Research (@hapi_labs) April 3, 2023
❗HAPI Labs prepared a thorough and up-to-date breakdown that clearly shows the current movement of assets and where they ended up in. pic.twitter.com/uXoeMKKU3A
“With this information we contacted exchanges in question and the process of freezing CEX accounts of the perpetrator has begun. This is the first step to retrieve lost assets!” HAPI tweeted
As of the time of publication, Allbridge’s response involved the following:
- Closing the Allbridge Core Bridge
- Reopening the bridge’s liquidity provision until the end of the week so that liquidity providers can withdraw their assets
- At the end of the week, pools will be closed and a recovery pool will be created to compensate victims
- Offering a white hat bounty to the attacker in exchange for protection from prosecution.
What Is Allbridge:
Allbridge describes itself as a simple, modern, and reliable way to transfer assets between different networks. It is a bridge between both EVM (Like Ethereum, Polygon, BSC) and non-EVM compatible (like Solana, Terra) blockchains, that aims to cover L2 (like Arbitrum, Optimism) solutions and NFT transfers in the future.
Allbridge’s mission is to make the blockchain world borderless and provide a tool to freely move assets between different networks.
Website | Twitter | Docs |