Allbridge to first begin repaying stuck bridge users after recouping funds

April 5, 2023 Coin Telegraph

Allbridge

The compensation process is expected to start next week, starting with users who had funds on the bridge “shortly before the shutdown.”

Users with funds stuck on the multichain token bridge provided by Allbridge are first in line to receive compensation under a recovery plan posted by the project following a recent exploit.

In an April 5 statement, Allbridge said it has already started a compensation process for users despite only “partly recovering funds” after it was hacked for roughly $573,000 on April 1.

“We will start with the bridge users whose transactions got stuck in pending due to the emergency shutdown,” Allbridge said, adding it will then compensate its liquidity providers (LPs).

We are committed to compensating our users affected by the exploit and are prepared to reveal our recovery plan.

Please check the latest announcement for details: https://t.co/h17VDKZ7H7
— Allbridge (@Allbridge_io) April 4, 2023

“We aim to fully compensate those victims of the exploit with funds available to us,” it wrote.

It noted that it enabled LPs to withdraw funds on April 2, with the majority withdrawing their assets from the pool. Some, however, could withdraw even more “due to the pool’s disbalance.“

Others could not withdraw “a reasonable amount” from the liquidity pool due to some users withdrawing more than their original balances and the hack’s impact on the pools.

An application form is currently being drafted for LPs who could not withdraw their assets, allowing them to apply for compensation and provide details of their losses.

The form is anticipated to be completed within the next two days. The compensation process is expected to commence next week, starting with users who “have used the bridge shortly before the shutdown.”

“All the affected parties by the exploit will be subject to additional rewards in the future, but compensation remains our main priority.”

The compensation plan comes after Allbridge tweeted on April 3 that 1,500 BNB (BNB), worth approximately $465,000, was returned to the project following a public proposal made to the hacker in an April 1 tweet.

The protocol’s exploiter seemingly accepted Allbridge’s offer of a “white hat bounty,” where they could keep a portion of the stolen funds in exchange for an assurance that no legal action would be taken.

Meanwhile, Ethereum-based noncustodial lending protocol Eurler Finance announced on April 4 that it recovered most of the $196 million stolen in a March 13 flash loan attack following successful negotiations.

The attacker managed to steal millions worth of Dai (DAI), USD Coin (USDC), staked Ether (stETH) and wrapped Bitcoin (WBTC) in the largest hack of 2023 so far.

Magazine: Crypto winter can take a toll on hodlers’ mental health

Hacker Offered Bounty After Exploiting $573,000 in Crypto From DeFi Platform

April 4, 2023 The Daily Hodl

Allbridge exploiter returns most of the $573K stolen in attack

April 4, 2023 Coin Telegraph

Allbridge

An exploit resulted in around $573,000 in crypto looted from Allbridge, but the hacker has now seemingly accepted the offer of a “white hat bounty.”

A large portion of the roughly $573,000 pilfered from the multichain token bridge Allbridge has been returned after the exploiter seemingly took up the project’s offer for a white hat bounty and no legal retaliation.

Allbridge tweeted on April 3 that it received a message from an individual and 1,500 BNB (BNB), worth around $465,000, was returned to the project.

"The remaining funds will be considered a white hat bounty to this person," Allbridge said.

Update on the exploit

1/ Our team was contacted by the owner of https://t.co/EW1uxXBQpD.

1500 BNB was returned to our team. The remaining funds will be considered a white hat bounty to this person.
— Allbridge (@Allbridge_io) April 3, 2023

It explained that all the "received BNB" wa then converted to the stablecoin Binance USD (BUSD) to be used as compensation.

Blockchain security firm Peckshield first identified the attack carried out on April 1, warning Allbridge in a tweet that its BNB Chain pools swap price was being manipulated by an individual acting as a liquidity provider and swapper.

Following the exploit Allbridge offered the attacker a bounty and the chance to escape any legal ramifications.

Allbridge has yet to publicly disclose how much was stolen, but blockchain security firm CertiK said the sum is close to $550,000 while PeckSheild said the exploit netted $282,889 in BUSD and $290,868 worth of Tether (USDT), totaling roughly $573,000.

Allbridge also revealed that a second address used the same exploit and shared a link to a wallet that currently contains 0.97 BNB, valued at around $300.

"We ask the second exploiter to reach out and discuss the return," Allbridge said.

Following the initial exploit, Allbridge made it clear they were hot on the trail of the stolen funds and were working with a wide variety of organizations to retrieve the stolen loot.

BNB Chain was among those who answered the call to arms and reported in an April 2 tweet that it discovered at least one of the culprits involved through on-chain analysis.

BNB Chain has identified the Allbridge attacker following on-chain analysis. We are actively supporting the Allbridge team on the fund recovery. The Allbridge team has offered the hacker a bounty.

We'd like to recognize the effort of AvengerDAO in this recovery effort.
— BNB Chain (@BNBCHAIN) April 2, 2023

According to BNB Chain it’s "actively supporting the Allbridge team on the fund recovery," and gave a shout-out to AvengerDAO for its efforts in the recovery.

Cointelegraph contacted Allbridge for further comment but did not receive an immediate response.

Magazine: US and China try to crush Binance, SBF's $40M bribe claim: Asia Express

Allbridge offers bounty to exploiter who stole $573K in flash loan attack

April 3, 2023 Coin Telegraph

Allbridge

Allbridge offered a hacker who pilfered $573,000 from its platform a chance to come forward as a white hat and forgo any legal ramifications.

The attacker behind a $573,000 exploit on the multichain token bridge Allbridge has been offered a chance by the firm to come forward as a white hat and claim a bounty.

Blockchain security firm Peckshield first identified the attack on April 1, warning Allbridge in a tweet that its BNB Chain pools swap price was being manipulated by an individual acting as a liquidity provider and swapper, who was able to drain the pool of $282,889 in Binance USD (BUSD) and $290,868 worth of Tether (USDT).

In an April 1 tweet following the hack, Allbridge offered an olive branch to the attacker in the form of an undisclosed bounty and the chance to escape any legal ramifications.

To hacker's attention: addressing the incident and the next steps

1. We continue monitoring the wallets, transactions, and linked CEX accounts of individuals involved in the hack.
— Allbridge (@Allbridge_io) April 2, 2023

“Please contact us via the official channels (Twitter/Telegram) or send a message through tx, so we can consider this a white hat hack and discuss the bounty in exchange for returning the funds,” Allbridge wrote.

In a separate series of tweets, Allbridge made it clear they are hot on the trail of the stolen funds.

With the help of its “partners and community,” Allbridge said it’s “tracking the hacker through social networks.”

“We continue monitoring the wallets, transactions, and linked CEX accounts of individuals involved in the hack,” it added.

Allbridge also stated it’s working with law firms, law enforcement and other projects affected by the exploiter.

According to Allbridge, its bridge protocol has been temporarily suspended to prevent the potential exploits of its other pools; once the vulnerability has been patched, it will be restarted.

5/ The bridge has been temporarily suspended to prevent the potential exploits of the other pools. We will restart it once the vulnerability has been patched.
— Allbridge (@Allbridge_io) April 2, 2023

“In addition, we are in the process of deploying a web interface for liquidity providers to enable the withdrawal of assets,” it added.

Blockchain security firm CertiK offered an in-depth breakdown of the hack in an April 1 post, identifying the method used was a flashloan attack.

CertiK explained the attacker took a $7.5 million BUSD flash loan, then initiated a series of swaps for USDT before deposits in BUSD and USDT liquidity pools on Allbridge were made. This manipulated the price of USDT in the pool, allowing the hacker to swap $40,000 of BUSD for $789,632 USDT.

According to a March 31 tweet from PeckShield, March saw 26 crypto projects hacked, resulting in total losses of $211 million.

#PeckShieldAlert ~26 exploits grabbed $211.5M in March 2023.
Regarding the @eulerfinance exploit, the estimated loss is $197M. The exploiter has returned 84,963.4 $ETH (~$152.8M) and 29.9M $DAI to the Deployer, and he has already transferred 1,100 $ETH to Tornado Cash pic.twitter.com/kf2Ul4uIun
— PeckShieldAlert (@PeckShieldAlert) March 31, 2023

Euler Finance’s March 13 hack was responsible for over 90% of the losses, while other costly exploits were suffered by projects including Swerve Finance, ParaSpace and TenderFi.

Cointelegraph contacted Allbridge for comment but did not receive an immediate response.

Magazine: Crypto winter can take a toll on hodlers’ mental health

Allbridge

Share this video