Allbridge, a multichain token bridge, suffered a hack resulting in a $573,000 loss, as an individual exploited its BNB Chain pools swap price. Blockchain security firm Peckshield alerted Allbridge on April 1 of the attack, which saw an attacker drain the pool of $282,889 in Binance USD BUSD and $290,868 worth of Tether USDT. To incentivize the attacker to return the stolen funds and help improve the security of the platform, Allbridge has offered a bounty and legal immunity to the hacker if they come forward as a white hat. The amount of the bounty remains undisclosed.
Allbridge, in a separate tweet, also noted that is actively tracking the stolen funds, monitoring wallets, transactions, and linked CEX accounts through collaboration with partners and the community. Furthermore, the protocol has requested the hacker to contact them through official channels, such as Twitter/Telegram, or send a message through tx, to discuss the bounty in exchange for returning the funds.
In response to the $573,000 exploit on its multichain token bridge, Allbridge has announced that it’s working with law enforcement, law firms, and other affected projects to track down the attacker. The company has also offered the hacker an undisclosed bounty and legal immunity if they come forward as a white hat and return the stolen funds. Allbridge has temporarily suspended its bridge protocol to prevent any further exploits on its other pools and will restart it once the vulnerability has been addressed.
Allbridge has announced that it is developing a web interface to allow liquidity providers to withdraw their assets, following the recent $573,000 exploit on its multichain token bridge. Blockchain security firm CertiK offered an in-depth analysis of the hack, identifying it as a flash loan attack. The attacker took a $7.5 million BUSD flash loan, then initiated a series of swaps for USDT, manipulating the price of USDT in the pool, and allowing the hacker to swap $40,000 of BUSD for $789,632 USDT. The recent attack on Allbridge is part of a growing trend in March, which saw 26 crypto projects hacked, with total losses of $211 million, according to a tweet by PeckShield.
Euler Finance’s hack on March 13 made up over 90% of the total losses. Other projects that suffered costly attacks last month include Swerve Finance, ParaSpace, and TenderFi.