The company has provided an opportunity for the hacker responsible for a $573,00 exploit on the multichain token bridge Allbridge to come forward as a white hat and claim a bounty for doing so.
On April 1, blockchain security company Peckshield discovered the attack and alerted Allbridge via tweet that its BNB Chain pools swap price was being manipulated by a person posing as a liquidity provider and swapper. This person was able to drain the pool of $282,889 in Binance USD BUSD and $290,868 in USDT.
Following the incident, Allbridge offered the hacker a chance to avoid legal repercussions and also get rewarded with an undisclosed amount as a bounty.
Informing the hacker how to reach out, Allbridge said that they should reach out to them via their official channels on Telegram and Twitter. The hacker can also send them a message via tx, as they discuss the bounty.
Allbridge also made it known that the company has teamed up with “partners and community” and they are tracking down the hacker through social networks. They are also keeping close tabs on the wallet transactions and connected CEX accounts of those involved in the hack.
Law firms, law enforcement agencies, and other projects affected by this same hacker have teamed up to further intensify their investigation.
To prevent potential exploits of its other pools, activities on the bridge protocol have been suspended. According to Allbridge, once the vulnerability path has been identified and fixed, transactions will resume.
“In addition, we are in the process of deploying a web interface for liquidity providers to enable the withdrawal of assets,” the tweet added.
How the exploit happened
In a Twitter thread published on the 1st of April 2023, blockchain security company CertiK provided a detailed analysis of the breach, noting that a flash loan attack was the technique utilized.
To deposit funds into BUSD and USDT liquidity pools on Allbridge, the attacker first took out a $7.5 million BUSD flash loan and started a series of USDT swaps, according to CertiK. Hence, the hacker was able to exchange $40,000 in BUSD for $789,632 in USDT by manipulating the price of USDT in the pool.
In a tweet from PeckShield, it was reported that 26 cryptocurrency projects had been breached in March, causing $211 million in total losses.
Almost 90% of the losses were attributable to the hack on Euler Finance, although Swerve Finance, ParaSpace, and TenderFi also experienced costly exploits.
Albridge’s move to offer a bounty to the hacker in exchange for the repatriation of the stolen funds is expected to work out just as it did for Euler Finance. The hacker of Euler Finance has reportedly returned 51,000 stolen Ether.
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Connect with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
