XLink experienced a security breach resulting in nearly $10 million, but fortunately, a benevolent white hat hacker helped recover $4.3 million of the lost funds.
XLink, a well-known Bitcoin blockchain bridge, is gearing up for a revival following its closure on May 15 due to a $10 million hack.
The security breach, affecting XLink’s Ethereum and BNB Smart Chain (BSC) endpoints, was disclosed by the XLink team in the early hours of May 15. As May 17 draws to a close, the team is making preparations to return to regular operations.
The perpetrator utilized compromised private keys through a phishing scheme, enabling them to take control of both BSC and Ethereum endpoints and withdraw approximately $4.3 million unlawfully. However, XLink, a white hat hacker, swiftly recovered the pilfered assets.
Despite Cointelegraph’s attempts to obtain a comment from XLink, they did not receive a response at the time of publication. XLink’s official statement asserted that only BSC and Ethereum endpoints were impacted by the breach, with no other endpoints affected.
Although there has been a rebound on the Binance Smart Chain (BSC), around $5 million worth of predominantly LunarCrush tokens are still inaccessible on the Ethereum blockchain. Nevertheless, the LunarCrush team is collaborating closely with XLink to ensure the safety of these funds, with the majority of the $5 million either retrieved or safeguarded.
XLink reports that approximately $500,000 in crypto funds remain inaccessible on the Ethereum network, though most of the funds have been either retrieved or safeguarded.
Following the initial incident, the XLink team promptly took action by temporarily halting all bridge operations to conduct a comprehensive investigation. This investigation was conducted in close collaboration with their security partners, including Ancilia, as well as their liaisons from the Binance team.
XLink urges all users who engaged with the compromised contracts to revoke any approved spending limits as a precautionary measure. The team has issued comprehensive guidelines and provided links for both ETH and BSC users to minimize the potential risk to their funds.
Users who do not comply are still in danger of losing their funds to the attacker.
Another exploit recently targeted pump.fun, a tool for creating Solana memecoins. It was alleged that a former employee defrauded the company of nearly $2 million through a “bonding curve” attack.
Pump.fun stated that on May 16, the ex-employee made moves to infiltrate the protocol’s internal systems. The smart contracts have now been declared secure, and those affected by the incident will have their liquidity fully restored.
Read More: Worldcoin strengthens security by open-sourcing biometric data system
Disclaimer:
This content is AI-generated using IFTTT AI Content Creator. While we strive for accuracy, it’s a tool for rapid updates. We’re committed to filtering information, not reproducing or endorsing misinformation. – Jomotoday for more information visit privacy policy
Leave a Comment