Allbridge offers bounty to exploiters behind $573k hack

Multi-chain token bridge Allbridge struck a conciliatory tone with the people behind the $573,000 hack on the platform. They asked them to return the funds in exchange for a bounty.

The announcement was the latest step Allbridge has taken in its ongoing attempts to recover the funds stolen from the token bridge on April 1.

In a series of tweets, Allbridge stated it actively monitored the wallets, transactions, and accounts linked to the people behind the platform’s exploit.

To hacker's attention: addressing the incident and the next steps

1. We continue monitoring the wallets, transactions, and linked CEX accounts of individuals involved in the hack.

— Allbridge (@Allbridge_io) April 2, 2023

Allbridge has enlisted the help of partners and the broader crypto community on various social media platforms, including Twitter. It has also ramped up communication with all the projects affected by the attack to close in on the perpetrators.

Additionally, Allbridge alluded to working hand in hand with lawyers and law enforcement agencies in a bid to track down the people responsible for the hack.

Hackers made off with $573,000 in crypto assets

Blockchain security firm Peckshield noticed the attack on April 1. The security company drew Allbridge’s attention to the attack in a tweet stating that someone was manipulating its BNB Chain pool’s swap price.

Hi @Allbridge_io, you may want to take a look at https://t.co/tehqxPfpG1. It seems the swap-related formula may be manipulated. pic.twitter.com/k8wocASrqu

— PeckShield Inc. (@peckshield) April 2, 2023

According to Peckshield, by acting as a liquidity provider and swapper, the attacker could make off with more than $282,000 in Binance USD (BUSD) and a further $290,868 in Tether (USDT) from the pool.

A second blockchain security company, CertiK, also gave a more detailed look into how the attacker carried out the hack. The exploiter obtained a $7.5 million BUSD flash loan, started a sequence of USDT swaps, and finally made deposits into BUSD and USDT liquidity pools.

1/ This exploit saw the attacker steal approximately $549,874 by manipulating the liquidity pool's swap price.

First the attacker flashloaned 7.5M BUSD and swapped 2M to BUSD and deposited 5M to the BUSD pool.

— CertiK Alert (@CertiKAlert) April 2, 2023

CertiK claims the scammer could exchange about $40,000 in BUSD for $789,632 in USDT by manipulating the USDT price in the pool.

Following the attack, the multi-chain token bridge sought to reassure users that only its BNB Chain pool had been affected. However, it also announced it was temporarily suspending activity on the platform to ascertain the extent of the exploit and prevent further attacks on its other pools.

The company also built a web interface to enable liquidity providers to withdraw assets from the token bridge.

At the time of writing, the attacker had not yet responded to Allbridge’s overture.