The firm has offered the attacker behind a $573,000 exploit on the Allbridge multi-chain token bridge the chance to pose as a white hat and claim a bounty.
Blockchain security company PeckShield first identified the attack on April 1, warning Allbridge in a tweet that its BNB Chain pool trading price was being manipulated by an individual acting as a liquidity provider and exchanger, who was able to drain the pool of $282,889 worth of Binance USD (BUSD) and $290,868 in Tether (USDT).
In an April 1 tweet following the hack, Allbridge offered the attacker an olive branch in the form of an undisclosed reward and the chance to escape any legal ramifications.
To the attention of the hacker: Addressing the incident and next steps
1. We continue to monitor the wallets, transactions, and linked CEX accounts of the individuals involved in the hack.
-Allbridge (@Allbridge_io) April 2, 2023
“Contact us via official channels (Twitter/Telegram) or send a message via tx, so we can treat this as a white hat trick and discuss the reward in exchange for returning the funds,” Allbridge wrote.
In a separate series of tweets, Allbridge made it clear that it is on the trail of the stolen funds.
With the help of its "partners and community," Allbridge said it is "tracking the hacker through social media."
“We continue to monitor the wallets, transactions, and linked CEX accounts of the individuals involved in the hack,” it added.
Allbridge also stated that it is working with law firms, law enforcement and other projects affected by the exploit.
According to Allbridge, its bridging protocol has been temporarily suspended to prevent potential exploitation of its other pools; it will be rebooted once the vulnerability has been patched.
5/ The bridge has been temporarily suspended to avoid possible exploitation of the other pools. We will reboot it once the vulnerability has been patched.
-Allbridge (@Allbridge_io) April 2, 2023
“In addition, we are in the process of implementing a web interface for liquidity providers to allow asset withdrawals,” it added.
Blockchain security company CertiK offered a detailed breakdown of the hack in an April 1 post, identifying that the method used was a flash loan attack.
CertiK explained that the attacker took a flash loan of $7.5 million BUSD, then initiated a series of trades for USDT before making deposits into the BUSD and USDT liquidity pools at Allbridge. This manipulated the USDT price in the pool, allowing the hacker to exchange $40,000 BUSD for $789,632 USDT.
According to a March 31 tweet from PeckShield, 26 crypto projects were hacked in March, resulting in total losses of $211 million.
#PeckShieldAlert ~26 exploits netted $211.5 million in March 2023.
With respect to @eulerfinance exploit, the estimated loss is $197 million. The operator has returned 84,963.4 $ETH (~$152.8M) and 29.9M $DAI to the Deployer, and has already transferred 1,100 $ETH to Tornado Cash
-PeckShieldAlert (@PeckShieldAlert) March 31, 2023
Euler Finance's March 13 hack was responsible for more than 90% of the losses, while projects like Swerve Finance, ParaSpace and TenderFi suffered from other costly exploits.
Cointelegraph reached out to Allbridge for comment but did not immediately receive a response.