The attacked multichain token bridge Allbridge has offered a bounty to the hacker behind the $575,000 exploitation of its core liquidity pools on April 2, as per this tweet:
Please contact us via the official channels (Twitter/Telegram) or send a message through tx, so we can consider this a white hat hack and discuss the bounty in exchange for returning the funds.
— Allbridge (@Allbridge_io) April 2, 2023
Allbridge explained that, despite its relentless efforts to create a safe product and work on cybersecurity, the hacker successfully exploited its BUSD/USDT pools on BNB Chain.
PeckShield, a blockchain security firm, initially identified the attack on April 1, warning Allbridge that the swap price of its BNB Chain pools was being distorted by someone acting as both liquidity provider and swapper.
The @Allbridge_io hack results in the loss of ~$570K (282,889 BUSD + 290,868 USDT). The root cause appears to be the manipulation of pool's swap price. The actor plays dual roles of acting as LP and swapper to manipulate the price and then drain the pool funds. https://t.co/JiPwVHsaCi pic.twitter.com/FY2wwA6IHm
— PeckShield Inc. (@peckshield) April 2, 2023
The attack drained $282,889 in Binance USD and $290,868 worth of USDT from the platform.
Having extended an olive branch to the attacker, Allbridge further urged the attacker to contact the team via the official channels (Twitter/Telegram) or to send a message via tx, so that the two sides can agree on the bounty in exchange for returning the funds.
Meanwhile, in an April 3 statement, Allbridge disclosed that it is tracking the stolen funds, stressing that the investigation into the hacking incident continues and that it is working with law enforcement to identify the perpetrator.
Liquidity pools update
1/ Our investigation into the hacking incident continues. We are working together with our partners and law enforcement to uncover the identity of the hacker. In addition, we have announced a white hat bounty in exchange for recovering the stolen assets.
— Allbridge (@Allbridge_io) April 3, 2023
It added that the liquidity provision section has been re-opened and will close at the end of the week. LPs will be able to withdraw their assets from the pools within that timeframe.
2/ The liquidity provision section has been re-opened and will last until the end of the week. During that time, the LPs will be able to withdraw their assets from the pools.
— Allbridge (@Allbridge_io) April 3, 2023
Binance Begins Rescue Mission
Following the attack, Binance's BNB Chain said on April 2 that it had identified the Allbridge attacker through on-chain analysis. It added that AvengerDAO played a key role in the recovery process.
BNB Chain has identified the Allbridge attacker following on-chain analysis. We are actively supporting the Allbridge team on the fund recovery. The Allbridge team has offered the hacker a bounty.
We'd like to recognize the effort of AvengerDAO in this recovery effort.
— BNB Chain (@BNBCHAIN) April 2, 2023
Meanwhile, the identity of the hacker has yet to be disclosed, and the whereabouts of the funds are still unknown.
The latest steps taken by the Allbridge team, in partnership with other agencies, to recover the funds are a move in the right direction. It is hoped that the hacker will be unearthed and prosecuted accordingly.