1. Home
  2. multi-chain token bridge

multi-chain token bridge

Allbridge to first begin repaying stuck bridge users after recouping funds

The compensation process is expected to start next week, starting with users who had funds on the bridge “shortly before the shutdown.”

Users with funds stuck on the multichain token bridge provided by Allbridge are first in line to receive compensation under a recovery plan posted by the project following a recent exploit. 

In an April 5 statement, Allbridge said it has already started a compensation process for users despite only “partly recovering funds” after it was hacked for roughly $573,000 on April 1.

“We will start with the bridge users whose transactions got stuck in pending due to the emergency shutdown,” Allbridge said, adding it will then compensate its liquidity providers (LPs).

“We aim to fully compensate those victims of the exploit with funds available to us,” it wrote.

It noted that it enabled LPs to withdraw funds on April 2, with the majority withdrawing their assets from the pool. Some, however, could withdraw even more “due to the pool’s disbalance.“

Others could not withdraw “a reasonable amount” from the liquidity pool due to some users withdrawing more than their original balances and the hack’s impact on the pools.

An application form is currently being drafted for LPs who could not withdraw their assets, allowing them to apply for compensation and provide details of their losses.

The form is anticipated to be completed within the next two days. The compensation process is expected to commence next week, starting with users who “have used the bridge shortly before the shutdown.”

“All the affected parties by the exploit will be subject to additional rewards in the future, but compensation remains our main priority.”

The compensation plan comes after Allbridge tweeted on April 3 that 1,500 BNB (BNB), worth approximately $465,000, was returned to the project following a public proposal made to the hacker in an April 1 tweet.

Related: Allbridge to become the first token bridge for the Stacks token 

The protocol’s exploiter seemingly accepted Allbridge’s offer of a “white hat bounty,” where they could keep a portion of the stolen funds in exchange for an assurance that no legal action would be taken.

Meanwhile, Ethereum-based noncustodial lending protocol Eurler Finance announced on April 4 that it recovered most of the $196 million stolen in a March 13 flash loan attack following successful negotiations.

The attacker managed to steal millions worth of Dai (DAI), USD Coin (USDC), staked Ether (stETH) and wrapped Bitcoin (WBTC) in the largest hack of 2023 so far.

Magazine: Crypto winter can take a toll on hodlers’ mental health

Solana ETF Momentum Grows Amid Reports of SEC Engagement

Allbridge offers bounty to exploiter who stole $573K in flash loan attack

Allbridge offered a hacker who pilfered $573,000 from its platform a chance to come forward as a white hat and forgo any legal ramifications.

The attacker behind a $573,000 exploit on the multichain token bridge Allbridge has been offered a chance by the firm to come forward as a white hat and claim a bounty.

Blockchain security firm Peckshield first identified the attack on April 1, warning Allbridge in a tweet that its BNB Chain pools swap price was being manipulated by an individual acting as a liquidity provider and swapper, who was able to drain the pool of $282,889 in Binance USD (BUSD) and $290,868 worth of Tether (USDT).

In an April 1 tweet following the hack, Allbridge offered an olive branch to the attacker in the form of an undisclosed bounty and the chance to escape any legal ramifications.

“Please contact us via the official channels (Twitter/Telegram) or send a message through tx, so we can consider this a white hat hack and discuss the bounty in exchange for returning the funds,” Allbridge wrote.

In a separate series of tweets, Allbridge made it clear they are hot on the trail of the stolen funds.

With the help of its “partners and community,” Allbridge said it’s “tracking the hacker through social networks.”

“We continue monitoring the wallets, transactions, and linked CEX accounts of individuals involved in the hack,” it added.

Allbridge also stated it’s working with law firms, law enforcement and other projects affected by the exploiter.

According to Allbridge, its bridge protocol has been temporarily suspended to prevent the potential exploits of its other pools; once the vulnerability has been patched, it will be restarted.

“In addition, we are in the process of deploying a web interface for liquidity providers to enable the withdrawal of assets,” it added.

Blockchain security firm CertiK offered an in-depth breakdown of the hack in an April 1 post, identifying the method used was a flashloan attack.

CertiK explained the attacker took a $7.5 million BUSD flash loan, then initiated a series of swaps for USDT before deposits in BUSD and USDT liquidity pools on Allbridge were made. This manipulated the price of USDT in the pool, allowing the hacker to swap $40,000 of BUSD for $789,632 USDT.

Related: DeFi exploits and access control hacks cost crypto investors billions in 2022: Report

According to a March 31 tweet from PeckShield, March saw 26 crypto projects hacked, resulting in total losses of $211 million. 

Euler Finance’s March 13 hack was responsible for over 90% of the losses, while other costly exploits were suffered by projects including Swerve Finance, ParaSpace and TenderFi. 

Cointelegraph contacted Allbridge for comment but did not receive an immediate response.

Magazine: Crypto winter can take a toll on hodlers’ mental health

Solana ETF Momentum Grows Amid Reports of SEC Engagement