
Hacker Attacked Allbridge’s Liquidity Pools; Developers Halt Cross-Chain Bridge
The Allbridge cross-chain bridge lost digital assets worth about $570,000 as a result of a hacker attack. An unknown actor manipulated the swap price to drain tokens from the pool on the BNB Chain, according to PeckShield analysts.
The @Allbridge_io hack results in the loss of ~$570K (282,889 BUSD + 290,868 USDT). The root cause appears to be the manipulation of pool’s swap price. The actor plays dual roles of acting as LP and swapper to manipulate the price and then drain the pool funds. https://t.co/JiPwVHsaCi
— PeckShield Inc. (@peckshield) April 2, 2023
Allbridge confirmed the existence of a problem on the BNB Chain, but did not comment on the magnitude of the damage. The team disabled the bridge during the investigation.
We are investigating the current situation with the BNB Chain pools.
The bridge has been temporarily shut down during the investigation.
We apologize for the inconvenience.
— Allbridge (@Allbridge_io) April 2, 2023
In a conversation with ForkLog, a project representative said that “Allbridge is preparing a statement and an action plan.” The company promised to provide a comment.
The Allbridge team confirmed that the BUSD/USDT liquidity pools on the BNB Chain were attacked. According to the statement, the company is preparing a plan to compensate affected users.
2/ The exploit targeted BUSD/USDT pools on BNB Chain. This attack comes as a devastating blow to our team, but our main priority is to work on making it up for our community.
— Allbridge (@Allbridge_io) April 2, 2023
The team said the exploit used by the hacker could also have been used against other pools, so the bridge’s operation was suspended until the vulnerability was identified.
The developers offered a bounty for the return of stolen funds, without specifying the amount of the loss. They stressed, however, that they would not pursue the white-hat hacker.
The company also launched a web interface, which allows liquidity providers to withdraw assets.
Earlier in March, the Hedera Hashgraph platform team reported an unauthorized withdrawal of assets from the Hedera Token Service.