Allbridge, following a recent cyberattack that resulted in the loss of over $573,000, has released a recovery plan prioritizing compensation for customers with funds locked on its multichain token bridge.
On April 5, 2023, the company released a statement indicating that it has initiated the reimbursement process for affected users, despite having only partially recovered the lost funds.
We are committed to compensating our users affected by the exploit and are prepared to reveal our recovery plan.
Please check the latest announcement for details: https://t.co/h17VDKZ7H7
— Allbridge (@Allbridge_io) April 4, 2023
The compensation procedure is expected to commence next week, and the priority will be to address the pending transactions of bridge customers affected by the emergency closure before compensating liquidity providers with their rewards.
The company reopened liquidity pools on Sunday, April 2, 2023, enabling withdrawals, and most liquidity providers pulled back their assets, resulting in an imbalance in the pool.
The cyberattack prevented some users from withdrawing a respectable amount, and those who did withdraw incurred a cost. This primarily impacted BNB Chain LPs.
Allbridge reiterated its commitment to fully reimburse affected customers with available funds and is currently developing an application form (scheduled to be available within the next 48 hours) for liquidity providers unable to withdraw funds to report their losses and request compensation.
The pools will be closed by the end of this week, and the compensation process will begin next week, starting with those who used the bridge immediately prior to its closure. The firm also promised additional rewards for all parties affected by the exploit, although compensation remains the top priority.
Allbridge made a public proposal to the hacker on April 1, 2023, via Twitter, offering a “white hat bounty” in exchange for a portion of the stolen funds and a commitment to avoid legal action. On April 3, 2023, the exploiter returned 1,500 BNB, worth approximately $465,000, and the company subsequently unveiled the compensation plan.
To hacker’s attention: addressing the incident and the next steps
1. We continue monitoring the wallets, transactions, and linked CEX accounts of individuals involved in the hack.
— Allbridge (@Allbridge_io) April 2, 2023
The Allbridge hacker has returned most of the stolen funds and received a bounty from Allbridge. Our ability to identify who he is likely helped.
A lot of work goes on behind the scenes to increase security of the industry. Stay #SAFU. 🙏 https://t.co/k6113N49mi
— CZ 🔶 Binance (@cz_binance) April 4, 2023
The hacker appeared to have accepted Allbridge’s “white hat bounty” offer, allowing them to keep some of the stolen funds in exchange for an agreement to avoid legal action.
On April 1, 2023, blockchain security company PeckShield discovered the attack and alerted Allbridge via Twitter. The attacker had manipulated the BNB Chain pool's swap price by acting as both a liquidity provider and a swapper, draining the pool of $282,889 worth of Binance USD (BUSD) and $290,868 worth of Tether (USDT).
The @Allbridge_io hack results in the loss of ~$570K (282,889 BUSD + 290,868 USDT). The root cause appears to be the manipulation of pool’s swap price. The actor plays dual roles of acting as LP and swapper to manipulate the price and then drain the pool funds. https://t.co/JiPwVHsaCi pic.twitter.com/FY2wwA6IHm
— PeckShield Inc. (@peckshield) April 2, 2023
CertiK, another blockchain security company, provided a detailed analysis of the hack, which was a flash loan attack, and revealed that the attacker obtained a flash loan of $7.5 million BUSD. The attacker initiated a series of USDT swaps and deposited them into BUSD and USDT liquidity pools on Allbridge, exchanging $40,000 in BUSD for $789,632 in USDT by manipulating the price of USDT in the pool.
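A monitoring rule that follows from the two analyses above, as an added example that is not from Allbridge, PeckShield or CertiK: it flags a stablecoin swap priced far from 1:1 when the same address also added or removed liquidity in that transaction. The event schema, transaction ids, addresses, liquidity amounts and the 2% threshold are assumptions; only the 40,000 BUSD and 789,632 USDT figures come from the article.

```python
from collections import defaultdict

# Constructed sample events (not real chain data); tx ids and actors are placeholders.
# The swap amounts in tx-1 reuse the figures quoted in the article; all else is made up.
EVENTS = [
    {"tx": "tx-1", "actor": "addr-A", "kind": "deposit", "token": "BUSD", "amount": 5_000_000},
    {"tx": "tx-1", "actor": "addr-A", "kind": "swap", "token_in": "BUSD", "amount_in": 40_000,
     "token_out": "USDT", "amount_out": 789_632},
    {"tx": "tx-1", "actor": "addr-A", "kind": "withdraw", "token": "BUSD", "amount": 4_900_000},
    {"tx": "tx-2", "actor": "addr-B", "kind": "swap", "token_in": "BUSD", "amount_in": 1_000,
     "token_out": "USDT", "amount_out": 999.2},
    {"tx": "tx-3", "actor": "addr-C", "kind": "deposit", "token": "USDT", "amount": 25_000},
    {"tx": "tx-4", "actor": "addr-D", "kind": "deposit", "token": "USDT", "amount": 10_000},
    {"tx": "tx-4", "actor": "addr-D", "kind": "swap", "token_in": "USDT", "amount_in": 500,
     "token_out": "BUSD", "amount_out": 499.5},
]

STABLES = {"BUSD", "USDT"}          # tokens expected to trade near 1:1
LP_KINDS = {"deposit", "withdraw"}  # liquidity-provider actions


def flag_dual_role_swaps(events, max_deviation=0.02):
    """Return (tx, actor, rate) for stable-to-stable swaps priced far from 1:1
    where the same actor also changed pool liquidity in that transaction."""
    lp_actors = defaultdict(set)  # tx -> actors with deposit/withdraw events
    swaps = []
    for ev in events:
        if ev["kind"] in LP_KINDS:
            lp_actors[ev["tx"]].add(ev["actor"])
        elif ev["kind"] == "swap":
            swaps.append(ev)

    findings = []
    for sw in swaps:
        if not {sw["token_in"], sw["token_out"]} <= STABLES or sw["amount_in"] <= 0:
            continue  # only judge stablecoin pairs with a usable input amount
        rate = sw["amount_out"] / sw["amount_in"]
        off_peg = abs(rate - 1.0) > max_deviation
        dual_role = sw["actor"] in lp_actors[sw["tx"]]
        if off_peg and dual_role:
            findings.append((sw["tx"], sw["actor"], round(rate, 2)))
    return findings


if __name__ == "__main__":
    for tx, actor, rate in flag_dual_role_swaps(EVENTS):
        print(f"ALERT {tx}: {actor} acted as LP and swapper, swap rate {rate}:1")
```

Requiring both conditions keeps ordinary swaps (tx-2) and liquidity providers who swap at a normal rate (tx-4) out of the alert queue.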
On April 4, 2023, Euler Finance, an Ethereum-based non-custodial lending platform, announced that it had successfully recovered most of the $196 million stolen in a flash loan attack on March 13, 2023, following fruitful dialogue with the hackers responsible.