The hack on Allbridge's cross-chain bridge was made possible by a flaw in the liquidity calculation formula combined with the public availability of the smart-contract code, Andrey Velikiy, co-founder of the project, told ForkLog in a comment.
Mathematical error
Allbridge, at the request of partners and including for the forthcoming Arbitrum integration, had opened its smart-contract code for verification. Earlier, the team had also published the formula governing how the liquidity pool operates.
“The bridge is set up so that it constantly seeks to balance liquidity. Put simply, if there is some skew, it penalizes in one direction and tops up in the other. This allows users to profit from arbitrage,” Velikiy said.
However, the formula contained an error at its edge values: the permissible size of incoming and outgoing transactions turned out to be far larger than the liquidity actually held in the pools.
"The attacker put funds into the liquidity pool, conducted a series of swaps, and we miscalculated, at the mathematical level, how much to give him in the face of such a large liquidity skew. It turned out that he took not only his own money but others' money as well, effectively draining the BNB Chain pool," Velikiy explained.
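To make the failure mode concrete, here is a toy model added for this article. It is not Allbridge's formula or contract code: the linear skew incentive, the constant K and the pool sizes are all assumptions. The vulnerable variant pays a skew-based bonus straight out of the receiving pool, so a swap round trip extracts more than was put in even though every single payout is checked against the pool balance. The hardened variant funds bonuses only from penalties it has already collected and rejects any payout larger than the pool, so the round trip nets zero and depositors' liquidity is preserved.

```python
"""Toy model of a liquidity-balancing bridge: two pools, one per chain.

Hypothetical model written for this article, not Allbridge's formula or code.
K, the linear skew incentive and the pool sizes are assumptions. It shows why
a bonus that the pools never collected lets a swap round trip drain other
depositors' liquidity even when each payout is checked against the pool.
"""
from __future__ import annotations

from dataclasses import dataclass

K = 0.5  # hypothetical incentive strength: bonus/penalty per unit of skew


@dataclass
class Pool:
    reserve: float  # tokens the pool actually holds on its chain
    target: float   # balanced level the bridge steers toward

    def skew(self) -> float:
        """Relative imbalance: > 0 over-full (pays bonus), < 0 under-full (charges penalty)."""
        return (self.reserve - self.target) / self.target


def swap_vulnerable(src: Pool, dst: Pool, amount_in: float) -> float:
    """Naive quote: payout scales with destination skew; the bonus is unfunded.

    The per-transaction check only stops one payout from exceeding the pool;
    it does not stop a sequence of swaps from draining it.
    """
    payout = amount_in * (1.0 + K * dst.skew())
    if payout > dst.reserve:
        raise ValueError("insufficient liquidity in destination pool")
    src.reserve += amount_in
    dst.reserve -= payout
    return payout


class Bridge:
    """Hardened variant: a bonus can only be paid out of penalties already collected."""

    def __init__(self, a: Pool, b: Pool) -> None:
        self.pools = {"A": a, "B": b}
        self.pot = 0.0  # surplus collected from penalties; the only source of bonuses

    def quote(self, dst: Pool, amount_in: float) -> float:
        incentive = amount_in * K * dst.skew()
        if incentive > 0:
            incentive = min(incentive, self.pot)  # never pay a bonus that was not collected
        return amount_in + incentive

    def swap(self, src_name: str, dst_name: str, amount_in: float) -> float:
        src, dst = self.pools[src_name], self.pools[dst_name]
        payout = self.quote(dst, amount_in)
        if payout > dst.reserve:
            raise ValueError("insufficient liquidity in destination pool")
        src.reserve += amount_in
        dst.reserve -= payout
        self.pot += amount_in - payout  # penalty adds to the pot, bonus draws from it
        return payout

    def total_reserves(self) -> float:
        return sum(p.reserve for p in self.pools.values())

    def depositor_liquidity(self) -> float:
        """Invariant: reserves minus the pot equals what depositors supplied, never less."""
        return self.total_reserves() - self.pot


def round_trip_vulnerable(amount: float) -> tuple[float, float]:
    """Attacker swaps A->B then B->A on balanced pools; returns (profit, total reserves)."""
    a, b = Pool(1000.0, 1000.0), Pool(1000.0, 1000.0)
    got = swap_vulnerable(a, b, amount)  # B is balanced: no penalty
    back = swap_vulnerable(b, a, got)    # A is now over-full: unfunded bonus
    return back - amount, a.reserve + b.reserve


def round_trip_hardened(amount: float) -> tuple[float, float]:
    """Same round trip against the hardened bridge; returns (profit, total reserves)."""
    bridge = Bridge(Pool(1000.0, 1000.0), Pool(1000.0, 1000.0))
    got = bridge.swap("A", "B", amount)
    back = bridge.swap("B", "A", got)  # bonus wanted, but the pot is empty: pays 1:1
    return back - amount, bridge.total_reserves()


def penalty_funds_bonus() -> tuple[float, float, float]:
    """Legitimate rebalancing: a penalty is collected, then partly paid out as a bonus."""
    bridge = Bridge(Pool(1500.0, 1000.0), Pool(500.0, 1000.0))
    bridge.swap("A", "B", 200.0)  # B under-full: payout 150, pot 50
    bridge.swap("B", "A", 100.0)  # A over-full: bonus 35 paid from the pot, pot 15
    return bridge.pot, bridge.total_reserves(), bridge.depositor_liquidity()


if __name__ == "__main__":
    print("vulnerable round trip (profit, reserves):", round_trip_vulnerable(1000.0))
    print("hardened round trip   (profit, reserves):", round_trip_hardened(1000.0))
    print("penalty then bonus (pot, reserves, depositor liquidity):", penalty_funds_bonus())
```

The per-transaction balance check in the vulnerable version is the kind of bound that looks sufficient but is not: each payout fits within the pool, yet after the round trip the two pools hold 500 fewer tokens than depositors supplied. The hardened version keeps total_reserves minus pot constant, which is the invariant a reviewer or a fuzzer should assert over arbitrary swap sequences, including the extreme skews the page describes.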
The hacker then converted the assets, worth $570,000, to BNB and sent them to Tornado Cash.
Soon afterwards, another unknown attacker repeated the attack, stealing around $160,000 in stablecoins. At the time of writing, these funds remained unmoved at his address.
In addition, once the BNB Chain pool had dried up, other users also tried to profit by moving funds between the depleted pool and the remaining ones until the bridge was halted.
The hacker’s identity
The protocol team managed to contact the first hacker and arrange the return of 1,500 BNB from the stolen funds. He kept the remainder as a reward.
Allbridge suspects the attack was carried out by a young hacker from Hong Kong who specialises in attacking protocols on BNB Chain. He described his actions on Twitter, in particular publishing the private key of the address from which the hack was carried out. Initially the attacker did not plan to return the funds.
"In dialogue with us, he did not explain the motives for his actions in any way, but he agreed to send us 1,500 BNB in parts via Tornado Cash. We immediately converted this amount into stablecoins to avoid worsening volatility. Also, by agreement with the hacker, after the return of the funds we published a tweet saying that we recognise him as a whitehat and do not intend to prosecute him in any way," Velikiy said.
The second hacker has yet to show any activity, despite an on-chain message from the team offering him a bounty.
The team does not plan to treat the actions of third-party users during the incident as a hack.
"They were simply using the bridge's functionality. These are a lot of small transactions that are hard to track. We are considering approaching these people to return the funds to the protocol free of charge, to help with payouts to those affected," Velikiy added.
Compensation plan
Allbridge is currently preparing a compensation plan. In particular, a form is being developed through which users can verify the amount of assets that became unavailable to them because of the incident.
"We are discussing the possibility of starting payouts with the smallest group of people: those who sent a transaction at the moment of the hack and bridge shutdown that did not arrive. The second group is those who remained in the liquidity pools but cannot withdraw their money in full. There is also an option of proportional compensation: calculate the total shortfall and returns and divide them among addresses. But I find this formula less fair," Velikiy said.
No final decision has been made yet. The team is currently consulting lawyers, but stresses that reimbursement will be complete.
“We will resume protocol operation, continue redistributing assets and continually filling the pools. If the second hacker also responds, this will greatly simplify life for everyone,” he added.
Is it worth paying the hacker?
Andrey Velikiy believes that in a crisis, agreeing with the hacker on the return of part of the funds is the lesser of two evils. As an example, he pointed to the February 2022 hack of the Wormhole cross-chain protocol for $319 million. Negotiations with that hacker failed, and Jump Trading, the company behind the project, covered the loss from its own funds. Over time the hacker was tracked down and some of the money was recovered.
However, if a project is not backed by a large holding company capable of covering its losses, users risk being left without their funds for a long time. The protocol treasury cannot always cover the damage either, and even if payouts were made from it, the project would be left with no money for salaries and would shut down.
"Is this solution better than negotiating with the hacker to recover a larger portion of the sum? Users get their money back, the protocol has funds for salaries to continue operating, rehabilitate its image and make money. In my view, this is a win-win," Velikiy said.
Attack vectors on cross-chain protocols
The mathematical attack vector Allbridge faced is one variant of attacks on bridges built around swaps between liquidity pools.
Other common methods are exploiting a vulnerability in a bridge smart contract and tampering with the data in messages carried by the cross-chain messaging protocol.
Depending on how decentralised the validator set of the messaging protocol is, a selective attack may also be possible, in which the attacker gains the ability to approve deliberately false transactions.
As a reminder, on April 2 the Allbridge cross-chain bridge lost digital assets worth about $570,000 in a hacker attack. An unknown actor manipulated the swap price to extract tokens from the pool on the BNB Chain network. The team shut down the bridge for the duration of the investigation.
