Bitcoin bridge XLink resurrection underway post $10M hack

XLink faced a security breach involving almost $10 million, with $4.3 million recovered thanks to a friendly neighborhood whitehat hacker.

XLink, an established Bitcoin (BTC) blockchain bridge, is preparing a comeback after shutting down on May 15 following a $10 million hack.

XLink was the victim of a security breach involving its Ethereum and BNB Smart Chain (BSC) endpoints. The XLink team first disclosed the breach in the early hours of May 15; the incident is now coming to a close on May 17 as the team prepares to resume normal operations.

Source: XLink.btc

The attacker used private keys compromised through a phishing scheme, which allowed them to control the BSC and Ethereum endpoints and withdraw around $4.3 million without authorization. However, according to XLink, the stolen assets were recovered soon after by a whitehat hacker.

Cointelegraph reached out to XLink for comment, but hadn’t received a response by publication. “No endpoints other than BSC and Ethereum were affected by this exploit,” the company’s official statement said.

Despite the recovery on the BSC, approximately $5 million in mostly LunarCrush tokens remain locked on the Ethereum blockchain. However, the LunarCrush team is working closely with XLink to secure these funds — the majority of the $5 million has been “recovered or secured.”

Another $5 million worth of funds are locked on Ethereum, mainly LunarCrush tokens. The @LunarCrush team, in close coordination with the XLink team, has implemented measures to secure those tokens.

According to XLink, residual crypto funds worth around $500,000 are still locked on Ethereum, but a majority of the funds have been either recovered or secured.

In response to the initial incident, the XLink team reacted quickly, temporarily suspending all operations on the bridge to conduct a thorough investigation. The investigation was carried out collaboratively with the team’s security partners — including Ancilia Inc. — and their Binance team liaisons.

XLink has insisted that all users who interacted with the compromised contracts revoke any spending limits they approved. The team issued detailed instructions and links for ETH and BSC users to mitigate further risk to funds.

As we prepare to reopen XLink, it is urgent that Ethereum and BSC users check that their wallets have revoked access to the old compromised endpoint contracts. This step will assist in completely severing any connections with the compromised contract and mitigating any associated risks.

Users failing to do so remain at risk of losing their funds to the attacker.
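As an added illustration (not code from XLink or from this article), the Python sketch below shows how a wallet owner could audit ERC-20 `Approval` logs for allowances still granted to a compromised spender and build the `approve(spender, 0)` calldata that revokes them. Every address is a placeholder and the logs are constructed; the real contract addresses must come from XLink's own notice.

```python
# Added example: all addresses are placeholders and the sample logs are constructed.
# topic0 = keccak256("Approval(address,address,uint256)"), the standard ERC-20 event.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

COMPROMISED = "0x" + "c0" * 20    # placeholder for the old endpoint contract
OWNER = "0x" + "a1" * 20          # placeholder wallet being audited
TOKEN_A = "0x" + "11" * 20        # placeholder token contracts
TOKEN_B = "0x" + "22" * 20
OTHER_SPENDER = "0x" + "d0" * 20  # placeholder unrelated contract

def topic_addr(addr):
    """Left-pad a 20-byte address to the 32-byte form used in indexed topics."""
    return "0x" + "00" * 12 + addr[2:].lower()

def make_log(token, owner, spender, value, block, index):
    """Build a constructed log shaped like an eth_getLogs result entry."""
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, topic_addr(owner), topic_addr(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    make_log(TOKEN_B, OWNER, COMPROMISED, 0, 120, 1),           # later revocation
    make_log(TOKEN_A, OWNER, COMPROMISED, 2**256 - 1, 100, 0),  # unlimited approval
    make_log(TOKEN_B, OWNER, COMPROMISED, 500, 101, 3),         # limited approval
    make_log(TOKEN_A, OWNER, OTHER_SPENDER, 10**18, 130, 0),    # unrelated spender
]

def outstanding_approvals(logs, owner, spender):
    """Return {token: last approved amount} for non-zero approvals to `spender`.

    Logs only show the last value set; spending via transferFrom lowers the real
    allowance, so confirm with allowance(owner, spender) before relying on this.
    """
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = [x.lower() for x in log["topics"]]
        if len(t) != 3 or t[0] != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares topic0 but carries 4 topics
        if t[1] != topic_addr(owner) or t[2] != topic_addr(spender):
            continue
        latest[log["address"].lower()] = int(log["data"], 16)
    return {token: value for token, value in latest.items() if value > 0}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0), sent to each token with an open approval."""
    return "0x" + APPROVE_SELECTOR + "00" * 12 + spender[2:].lower() + "00" * 32
```

The revocation transaction is sent to each flagged token contract, not to the compromised endpoint itself.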

Another exploit recently hit pump.fun, a Solana memecoin creation tool, after it was claimed that a former employee took the firm for almost $2 million through a “bonding curve” attack.

According to pump.fun on May 16, the ex-employee took actions to compromise the protocol’s internal systems. The smart contracts have since been announced as “safe” and victims of the incident will have “100% of [their] liquidity” restored. 
