A recent attack resulted in the theft of around $573,000 in cryptocurrency from Allbridge, a multichain token bridge. However, the situation seems to have taken a positive turn as the hacker has returned a significant portion of the funds after accepting the project’s offer for a “white hat bounty.”
Update on the exploit
— Allbridge (@Allbridge_io) April 3, 2023
1/ Our team was contacted by the owner of https://t.co/EW1uxXBQpD.
1500 BNB was returned to our team. The remaining funds will be considered a white hat bounty to this person.
Allbridge announced on April 3 that it had received a message from an individual, and 1,500 Binance Coin (BNB) worth around $465,000, had been returned to the project. The remaining funds will be considered a white hat bounty to the individual. Allbridge converted the BNB received to the stablecoin Binance USD (BUSD) to be used as compensation.
The attack was first identified on April 1 by blockchain security firm Peckshield. It warned Allbridge in a tweet that its BNB Chain pools swap price was being manipulated by an individual acting as a liquidity provider and swapper. Following the exploit, Allbridge offered the attacker a bounty and the chance to escape any legal ramifications.
The @Allbridge_io hack results in the loss of ~$570K (282,889 BUSD + 290,868 USDT). The root cause appears to be the manipulation of pool's swap price. The actor plays dual roles of acting as LP and swapper to manipulate the price and then drain the pool funds. https://t.co/JiPwVHsaCi pic.twitter.com/FY2wwA6IHm
— PeckShield Inc. (@peckshield) April 2, 2023
While Allbridge has not publicly disclosed the total amount stolen, blockchain security firm CertiK estimated the sum to be close to $550,000, while Peckshield claimed the exploit netted $282,889 in BUSD and $290,868 worth of Tether (USDT), totaling roughly $573,000.
Allbridge also revealed that a second address was used to carry out the same exploit, and it has asked the exploiter to return the stolen funds.
Following the initial attack, Allbridge made it clear that they were working with various organizations to retrieve the stolen funds, and BNB Chain was among those who answered the call. In an April 2 tweet, BNB Chain reported that it had discovered at least one of the culprits involved through on-chain analysis and is actively supporting the Allbridge team on the fund recovery. It also gave a shout-out to AvengerDAO for its efforts in the recovery.
BNB Chain has identified the Allbridge attacker following on-chain analysis. We are actively supporting the Allbridge team on the fund recovery. The Allbridge team has offered the hacker a bounty.
— BNB Chain (@BNBCHAIN) April 2, 2023
We'd like to recognize the effort of AvengerDAO in this recovery effort.
Overall, the situation serves as a reminder of the importance of security measures in the world of cryptocurrency.
Stay tuned to CoinTopper for more news!