Bitcoin blockchain bridge XLink is set to resume operations after a $10 million security breach forced it to shut down.
In a recent announcement, the project’s team urged users to check that their wallets have revoked access to the old compromised endpoint contracts. They noted that this step would help terminate connections with the compromised contract and mitigate associated risks.
The security breach was reported on May 15 and affected the bridge’s Ethereum and BNB Smart Chain (BSC) endpoints. According to the XLink team, the breach stemmed from a phishing scheme that compromised private keys, allowing the attacker to control the BSC and Ethereum endpoints and withdraw approximately $4.3 million without authorization.
Fortunately, a white-hat hacker intervened and recovered the stolen assets. Despite the swift recovery of the BSC funds, around $5 million worth of LunarCrush tokens remain locked on the Ethereum blockchain.
The LunarCrush team is collaborating closely with XLink to secure these assets. XLink confirmed that “the majority of the $5 million has been recovered or secured,” with residual crypto funds worth about $500,000 still locked on Ethereum.
In response to the breach, XLink temporarily suspended all operations to conduct a thorough investigation. The investigation, conducted in partnership with Ancilia Inc. and Binance team liaisons, aimed to identify and mitigate the vulnerabilities exploited in the attack.
The project team has assured users that only BSC and Ethereum endpoints were affected by this exploit. They advised users who interacted with the compromised contracts to revoke any spending limits they had approved. The team provided detailed instructions and links for ETH and BSC users to mitigate further risk to their funds.
“It is urgent that Ethereum and BSC users check that their wallets have revoked access to the old compromised endpoint contracts,”
the project’s team emphasized, warning that failure to do so could result in further losses.
As XLink prepares to reopen, another blockchain-related exploit has come to light. Pump.fun, a Solana memecoin creation tool, reported on May 16 that a former employee had stolen nearly $2 million through a “bonding curve” attack. The company has since secured its smart contracts and promised to restore “100% of [victims’] liquidity.”
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”