Allbridge offers bounty to exploiters behind $573k hack
Multi-chain token bridge Allbridge struck a conciliatory tone with the people behind the $573,000 hack on the platform. They asked them to return the funds in exchange for a bounty.
The announcement was the latest step Allbridge has taken in its ongoing attempts to recover the funds stolen from the token bridge on April 1.
In a series of tweets, Allbridge stated it actively monitored the wallets, transactions, and accounts linked to the people behind the platform’s exploit.
Allbridge has enlisted the help of partners and the broader crypto community on various social media platforms, including Twitter. It has also ramped up communication with all the projects affected by the attack to close in on the perpetrators.
Additionally, Allbridge alluded to working hand in hand with lawyers and law enforcement agencies in a bid to track down the people responsible for the hack.
Hackers made off with $573,000 in crypto assets
Blockchain security firm Peckshield noticed the attack on April 1. The security company drew Allbridge’s attention to the attack in a tweet stating that someone was manipulating its BNB Chain pool’s swap price.
According to Peckshield, by acting as a liquidity provider and swapper, the attacker could make off with more than $282,000 in Binance USD (BUSD) and a further $290,868 in Tether (USDT) from the pool.
A second blockchain security company, CertiK, also gave a more detailed look into how the attacker carried out the hack. The exploiter obtained a $7.5 million BUSD flash loan, started a sequence of USDT swaps, and finally made deposits into BUSD and USDT liquidity pools.
CertiK claims the scammer could exchange about $40,000 in BUSD for $789,632 in USDT by manipulating the USDT price in the pool.
Following the attack, the multi-chain token bridge sought to reassure users that only its BNB Chain pool had been affected. However, it also announced it was temporarily suspending activity on the platform to ascertain the extent of the exploit and prevent further attacks on its other pools.
The company also built a web interface to enable liquidity providers to withdraw assets from the token bridge.
At the time of writing, the attacker had not yet responded to Allbridge’s overture.