
Allbridge exploiter returns most of the $573K stolen in attack

An exploit resulted in around $573,000 in crypto looted from Allbridge, but the hacker has now seemingly accepted the offer of a “white hat bounty.”

A large portion of the roughly $573,000 pilfered from the multichain token bridge Allbridge has been returned after the exploiter seemingly took up the project’s offer for a white hat bounty and no legal retaliation. 

Allbridge tweeted on April 3 that it had received a message from an individual and that 1,500 BNB (BNB), worth around $465,000, had been returned to the project.

“The remaining funds will be considered a white hat bounty to this person,” Allbridge said.

It explained that all the “received BNB” was then converted to the stablecoin Binance USD (BUSD) to be used as compensation.

Blockchain security firm PeckShield first identified the attack, carried out on April 1, warning Allbridge in a tweet that the swap price of its BNB Chain pools was being manipulated by an individual acting as both a liquidity provider and a swapper.

Following the exploit, Allbridge offered the attacker a bounty and the chance to escape any legal ramifications.

Allbridge has yet to publicly disclose how much was stolen, but blockchain security firm CertiK said the sum is close to $550,000, while PeckShield said the exploit netted $282,889 in BUSD and $290,868 worth of Tether (USDT), totaling roughly $573,000.

Allbridge also revealed that a second address used the same exploit and shared a link to a wallet that currently contains 0.97 BNB, valued at around $300.

“We ask the second exploiter to reach out and discuss the return,” Allbridge said.

Following the initial exploit, Allbridge made it clear it was hot on the trail of the stolen funds and was working with a wide variety of organizations to retrieve them.

Related: DeFi exploits and access control hacks cost crypto investors billions in 2022: Report

BNB Chain was among those who answered the call to arms, reporting in an April 2 tweet that it had discovered at least one of the culprits involved through on-chain analysis.

According to BNB Chain, it’s “actively supporting the Allbridge team on the fund recovery” and gave a shout-out to AvengerDAO for its efforts in the recovery.

Cointelegraph contacted Allbridge for further comment but did not receive an immediate response.

Magazine: US and China try to crush Binance, SBF’s $40M bribe claim: Asia Express

Allbridge offers bounty to exploiter who stole $573K in flash loan attack

Allbridge offered a hacker who pilfered $573,000 from its platform a chance to come forward as a white hat and forgo any legal ramifications.

The attacker behind a $573,000 exploit on the multichain token bridge Allbridge has been offered a chance by the firm to come forward as a white hat and claim a bounty.

Blockchain security firm PeckShield first identified the attack on April 1, warning Allbridge in a tweet that the swap price of its BNB Chain pools was being manipulated by an individual acting as both a liquidity provider and a swapper, who was able to drain the pool of $282,889 in Binance USD (BUSD) and $290,868 worth of Tether (USDT).

In an April 1 tweet following the hack, Allbridge offered an olive branch to the attacker in the form of an undisclosed bounty and the chance to escape any legal ramifications.

“Please contact us via the official channels (Twitter/Telegram) or send a message through tx, so we can consider this a white hat hack and discuss the bounty in exchange for returning the funds,” Allbridge wrote.

In a separate series of tweets, Allbridge made it clear it is hot on the trail of the stolen funds.

With the help of its “partners and community,” Allbridge said it’s “tracking the hacker through social networks.”

“We continue monitoring the wallets, transactions, and linked CEX accounts of individuals involved in the hack,” it added.

Allbridge also stated it’s working with law firms, law enforcement and other projects affected by the exploiter.

According to Allbridge, its bridge protocol has been temporarily suspended to prevent potential exploits of its other pools; once the vulnerability has been patched, it will be restarted.

“In addition, we are in the process of deploying a web interface for liquidity providers to enable the withdrawal of assets,” it added.

Blockchain security firm CertiK offered an in-depth breakdown of the hack in an April 1 post, identifying the method used as a flash loan attack.

CertiK explained that the attacker took a $7.5 million BUSD flash loan, then made a series of swaps for USDT and deposits into Allbridge's BUSD and USDT liquidity pools. This manipulated the price of USDT in the pool, allowing the hacker to swap $40,000 of BUSD for $789,632 USDT.
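As an added illustration of the attack class described above (this is not code from Allbridge, CertiK or PeckShield, and not a reconstruction of the actual Allbridge contract), the Python toy below models an attacker who is both swapper and liquidity provider: flash-loaned capital skews a pool's reserves, the pool then values a deposit at that skewed spot price, and the attacker withdraws and unwinds at a profit. The single-sided deposit accounting flaw, the reserves, the fee and the loan size are all assumptions made for the illustration. The hardened variant adds the check a practitioner would want: reject liquidity operations when the pool's own spot price strays from a reference price.

```python
"""Toy model of a flash-loan price-manipulation attack on an AMM pool.

The flaw modelled here is deliberately simple and assumed for illustration: the
pool lets a user deposit a single asset and mints LP shares by valuing that
deposit at the pool's *own* spot price (its reserve ratio). A large swap in the
same transaction skews that ratio, so an attacker who is both swapper and
liquidity provider can mint far more shares than the deposit is worth, withdraw
a pro-rata slice of both reserves, unwind, and repay the flash loan at a profit.

All numbers (reserves, fee, loan size) are constructed, not taken from the incident.
"""
from dataclasses import dataclass, field
from typing import Optional


class PriceDeviation(Exception):
    """Raised by the hardened pool when the spot price strays from the reference."""


@dataclass
class Pool:
    """Constant-product pool of two dollar stablecoins: A (think BUSD) and B (think USDT)."""
    reserve_a: float
    reserve_b: float
    fee: float = 0.003                         # 0.3% swap fee, kept by the pool
    total_shares: float = 0.0
    shares: dict = field(default_factory=dict)
    max_deviation: Optional[float] = None      # None = no guard (vulnerable); 0.05 = 5% band

    def __post_init__(self):
        # Seed the pool with one honest LP holding every initial share.
        self.total_shares = self.reserve_a + self.reserve_b
        self.shares["honest_lp"] = self.total_shares

    def spot_price_b(self) -> float:
        """Price of one B in units of A, derived from the pool's own reserves."""
        return self.reserve_a / self.reserve_b

    def swap_a_for_b(self, amount_a: float) -> float:
        k = self.reserve_a * self.reserve_b
        out_b = self.reserve_b - k / (self.reserve_a + amount_a * (1 - self.fee))
        self.reserve_a += amount_a
        self.reserve_b -= out_b
        return out_b

    def swap_b_for_a(self, amount_b: float) -> float:
        k = self.reserve_a * self.reserve_b
        out_a = self.reserve_a - k / (self.reserve_b + amount_b * (1 - self.fee))
        self.reserve_b += amount_b
        self.reserve_a -= out_a
        return out_a

    def deposit_b(self, who: str, amount_b: float) -> float:
        """Single-sided deposit of B, valued at the current spot price (the assumed flaw)."""
        spot = self.spot_price_b()
        if self.max_deviation is not None:
            # Hardened: both assets are dollar stablecoins, so 1.0 is used as the
            # reference here. A real pool would consult an oracle or a TWAP instead.
            if abs(spot - 1.0) > self.max_deviation:
                raise PriceDeviation(f"spot price {spot:.2f} outside allowed band")
        value_in_a = amount_b * spot
        pool_value_a = self.reserve_a + self.reserve_b * spot
        minted = value_in_a / pool_value_a * self.total_shares
        self.reserve_b += amount_b
        self.total_shares += minted
        self.shares[who] = self.shares.get(who, 0.0) + minted
        return minted

    def withdraw_all(self, who: str) -> tuple:
        """Burn all of `who`'s shares for a pro-rata slice of both reserves."""
        fraction = self.shares.pop(who, 0.0) / self.total_shares
        out_a, out_b = self.reserve_a * fraction, self.reserve_b * fraction
        self.reserve_a -= out_a
        self.reserve_b -= out_b
        self.total_shares *= (1 - fraction)
        return out_a, out_b


def run_attack(pool: Pool, flash_loan_a: float) -> float:
    """Manipulate, deposit, withdraw, unwind; return the attacker's profit in A."""
    # 1. Borrow A via flash loan (must be repaid in full by the end of the tx).
    # 2. Dump it into the pool so B becomes scarce and its spot price balloons.
    got_b = pool.swap_a_for_b(flash_loan_a)
    # 3. Deposit that B single-sided; the flawed pool values it at the inflated price.
    pool.deposit_b("attacker", got_b)
    # 4. Withdraw a pro-rata share of *both* reserves.
    out_a, out_b = pool.withdraw_all("attacker")
    # 5. Unwind the remaining B into A and repay the loan; whatever is left is profit.
    out_a += pool.swap_b_for_a(out_b)
    return out_a - flash_loan_a


if __name__ == "__main__":
    vulnerable = Pool(1_000_000, 1_000_000)
    print(f"vulnerable pool: attacker profit {run_attack(vulnerable, 7_500_000):,.0f} A")
    try:
        run_attack(Pool(1_000_000, 1_000_000, max_deviation=0.05), 7_500_000)
    except PriceDeviation as e:
        print(f"hardened pool: deposit rejected ({e})")
```

With the guard disabled the attacker repays the loan and keeps a surplus that comes straight out of the honest LP's reserves; with `max_deviation` set, step 3 reverts and the round trip costs the attacker nothing but swap fees. In production the reference price should come from an oracle or a time-weighted average rather than a constant, and the same deviation check belongs on swaps, not only on deposits.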

Related: DeFi exploits and access control hacks cost crypto investors billions in 2022: Report

According to a March 31 tweet from PeckShield, March saw 26 crypto projects hacked, resulting in total losses of $211 million. 

Euler Finance’s March 13 hack was responsible for over 90% of the losses, while other costly exploits were suffered by projects including Swerve Finance, ParaSpace and TenderFi. 

Cointelegraph contacted Allbridge for comment but did not receive an immediate response.

Magazine: Crypto winter can take a toll on hodlers’ mental health

Bitcoin ATM maker to refund customers impacted by zero-day hack

General Bytes has implemented several measures in the wake of the hack, including offering to reimburse its cloud-hosted customers and adding new security measures.

Bitcoin ATM manufacturer General Bytes says it is reimbursing its cloud-hosted customers that lost funds in a “security incident” in March that saw its customers’ hot wallets accessed.

As previously reported by Cointelegraph, a hacker gained access to sensitive information, including passwords, private keys and funds from hot wallets on March 17 and 18 after remotely uploading a Java application into General Bytes’ terminals. The ATM manufacturer detailed the attack in a March 23 incident report.

In a recent statement to Cointelegraph, the ATM manufacturer said it has since been moving swiftly to “address the situation” and has made the decision to refund its “cloud-hosted customers who have lost funds.”

“We have taken immediate steps to prevent further unauthorized access to our systems and are working tirelessly to protect our customers,” General Bytes said in a statement.

It was understood that the hack led to at least 56 Bitcoin (BTC), worth over $1.5 million at current prices, and 21.82 Ether (ETH), $37,000 at current prices, being deposited into wallets connected to the hacker.

According to General Bytes, it has thoroughly assessed the damages from the hack and has been “working tirelessly” to improve security measures and prevent similar incidents from happening again.

General Bytes told affected customers to implement new security measures after the hack.  Source: General Bytes

Along with the reimbursement for affected customers, the ATM manufacturer also said it is encouraging all customers to migrate to a self-hosted server installation, where they can secure their server platform using a VPN.

“We are investing heavily in additional human resources to assist our clients in migrating their existing infrastructure to a self-hosted server installation.”

According to General Bytes, the hack did not affect most ATM operators using self-hosted server installations, “as these customers employ VPN technology to protect their infrastructure.”

Related: More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm

The ATM manufacturer first warned customers about the hacker in a March 18 patch release bulletin. As a result of the security breach, General Bytes shuttered its cloud services.

“General Bytes takes the security of our customers’ funds and data very seriously. We apologize for any inconvenience caused and remain committed to serving our customers with integrity and professionalism.”

The company is based in Prague and, according to its website, has sold over 15,000 Bitcoin ATMs to purchasers in over 149 countries.

White hat finds huge vulnerability in Ethereum–Arbitrum bridge: Wen max bounty?

The ethical exploiter thanked Arbitrum for the 400 ETH payday but said such a find should be eligible for the max bounty of nearly 1,500 ETH, or $2 million.

A self-described white hat hacker has uncovered a “multi-million dollar vulnerability” in the bridge linking Ethereum and Arbitrum Nitro and received a 400 Ether (ETH) bounty for their find.

Known as riptide on Twitter, the hacker described the exploit as the use of an initializing function to set their own bridge address, which would hijack all incoming ETH deposits from those trying to bridge funds from Ethereum to Arbitrum Nitro.
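As an added illustration of the bug class riptide describes (an initializer that anyone can call to set the bridge address), the Python toy below is not Arbitrum's or Offchain Labs' code and not a reconstruction of the actual finding. It models a deposit contract whose `initialize()` is callable by whoever lands the first transaction after deployment, shows deposits being forwarded to the attacker's address once they win that race, and contrasts it with an initializer restricted to the deployer. Contract shapes, addresses, amounts and transaction ordering are all constructed for the example.

```python
"""Toy model of an unprotected initializer on a bridge-style deposit contract.

Assumed for illustration: the contract forwards incoming ETH to whatever `bridge`
address was set by initialize(), and initialize() only checks that it has not
already run, not who is calling it. Whoever's transaction lands first after
deployment therefore decides where every later deposit goes.
"""
from dataclasses import dataclass, field
from typing import Optional


class Revert(Exception):
    """Stands in for an EVM revert."""


@dataclass
class Inbox:
    """Deposits of ETH are credited to whatever `bridge` is set to."""
    owner: str
    bridge: Optional[str] = None
    initialized: bool = False
    balances: dict = field(default_factory=dict)   # bridge address -> ETH received

    def initialize(self, caller: str, bridge: str) -> None:
        # Vulnerable: guards only against a second call, never checks `caller`.
        if self.initialized:
            raise Revert("already initialized")
        self.bridge = bridge
        self.initialized = True

    def deposit_eth(self, sender: str, amount: float) -> str:
        if not self.initialized:
            raise Revert("not initialized")
        self.balances[self.bridge] = self.balances.get(self.bridge, 0.0) + amount
        return self.bridge


class HardenedInbox(Inbox):
    def initialize(self, caller: str, bridge: str) -> None:
        # Hardened: only the deployer may initialize. Deploying and initializing in
        # the same transaction (or using a constructor) removes the race entirely.
        if caller != self.owner:
            raise Revert("only owner may initialize")
        super().initialize(caller, bridge)


def run_block(txs) -> list:
    """Apply (label, thunk) transactions in mempool order, recording reverts."""
    log = []
    for label, fn in txs:
        try:
            fn()
            log.append((label, "ok"))
        except Revert as e:
            log.append((label, f"revert: {e}"))
    return log


def scenario(inbox_cls) -> dict:
    """Deploy, let the attacker front-run initialize(), then process two user deposits."""
    inbox = inbox_cls(owner="0xDeployer")
    txs = [
        ("attacker initialize", lambda: inbox.initialize("0xAttacker", bridge="0xAttacker")),
        ("deployer initialize", lambda: inbox.initialize("0xDeployer", bridge="0xRealBridge")),
        ("alice deposits 1000", lambda: inbox.deposit_eth("0xAlice", 1000.0)),
        ("bob deposits 5000", lambda: inbox.deposit_eth("0xBob", 5000.0)),
    ]
    log = run_block(txs)
    return {"bridge": inbox.bridge, "balances": dict(inbox.balances), "log": log}


if __name__ == "__main__":
    for cls in (Inbox, HardenedInbox):
        result = scenario(cls)
        print(cls.__name__, "->", result["bridge"], result["balances"])
        for entry in result["log"]:
            print("   ", *entry)
```

In the vulnerable run the deployer's own `initialize` reverts with "already initialized" and every deposit is credited to `0xAttacker`; in the hardened run the attacker's call is the one that reverts. In Solidity the equivalent defences are an access-controlled initializer, calling OpenZeppelin's `_disableInitializers()` in the implementation constructor so the logic contract can never be initialized on its own, and initializing the proxy in the same transaction that deploys it.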

Riptide explained the exploit in a Medium post on Tuesday:

“We could either selectively target large ETH deposits to remain undetected for a longer period of time, siphon up every single deposit that comes through the bridge, or wait and just front-run the next massive ETH deposit.”

The hack could have potentially netted tens or even hundreds of millions of dollars worth of ETH: the largest deposit riptide recorded in the inbox was 168,000 ETH, worth over $225 million, and typical deposits over a 24-hour period ranged from 1,000 to 5,000 ETH, worth between $1.34 million and $6.7 million.

Despite the earning potential from the ill-gotten gains, riptide was thankful that the “extremely based Arbitrum team” provided a 400 ETH bounty, worth over $536,500. However, they added later on Twitter that such a find “should be eligible for a max bounty,” which is worth $2 million.

Neither Arbitrum nor its creator company OffChain Labs have publicly commented on the exploit; Cointelegraph contacted OffChain Labs for comment but did not immediately hear back.

Related: ETHW confirms contract vulnerability exploit, dismisses replay attack claims

Arbitrum is a layer-2 Optimistic Rollup solution for Ethereum that bundles batches of transactions before submitting them to the Ethereum network, in an effort to minimize network congestion and save on fees. Arbitrum Nitro, an upgrade aimed at simplifying communication between Arbitrum and Ethereum and at increasing transaction throughput at lower fees, launched on Aug. 31.

Similar bridge hacks have been successful for exploiters this year, notably the $100 million stolen from the Horizon Bridge in June and the Nomad token bridge incident in August, which saw $190 million drained by the original hacker and “copycats” repeating the exploit.

3 ways scammers will try to fool you over Ethereum’s Merge

Besides fake ETH 2.0 tokens and malicious token airdrops, crypto users should also be on the lookout for staking pools offering attractive staking yields.

Scammers are likely to use excitement around the Ethereum Merge to launch new scams aimed at newbie crypto users, PolySwarm CEO and co-founder Steve Bassi has warned. 

The Ethereum Merge is expected to take place within the next 24 hours.

Speaking to Cointelegraph, Bassi said these scams could come in the form of fake ETH 2.0 tokens, fraudulent mining pools and fake airdrops.

PolySwarm is a decentralized cybersecurity marketplace that connects cybersecurity experts to projects and companies through the use of bounties.

Fraudulent staking pools

The Ethereum upgrade marks the transition from the current proof-of-work (PoW) consensus mechanism to proof-of-stake (PoS).

Bassi said that for many Ether (ETH) holders, joining a staking pool will be their only way of reaping yield from staking rewards if they don’t have the 32 ETH required to become an independent validator.

“Staking is a pretty new concept for most of the crypto community and unless you’ve got 32 ETH lying around you’re going to have to join one of the staking pools to make a yield off your ETH.”

Bassi, however, warned that pooled staking providers “carry their own risk,” as they often require users to deposit their ETH and give up control of it.

Bassi said that upstart staking providers, which “may offer very attractive terms,” could perform “sudden rug pulls” that would affect those participating in the pool:

“This risk exists today with DeFi platforms/pools and tokens, but the Merge will give scammers a new character universe to work with.”

Upgrade scam

One of the more imminent threats involves scammers attempting to trick users into signing fraudulent transactions or parting with their private keys under the guise of migrating to the new Ethereum chain.

Bassi reiterated that the upgrade to proof-of-stake should be transparent, and a user should not need to do anything to migrate or preserve their ETH-based tokens, noting:

“We’ll likely see scammers try to get users to sign fraudulent transactions and/or leak private keys based on some false pretense that the user needs to do something to migrate chains.”

Fake airdrops

Another likely attack vector will come in the form of “fake airdrops,” added Bassi — convincing users to sign transaction messages or visit phishing sites in order to receive a bogus airdrop:

“The ETH Merge will be a good excuse for these scammers to masquerade as well-known, economically valuable, projects promising airdrops.”

“Those airdrops will likely redirect users to a phishing site where they may be fleeced out of their ETH, private keys, and/or crafted transaction signing attempts.”

The Ethereum Foundation has called the upcoming Merge the “most significant upgrade in the history of Ethereum” and has urged users to be on “high alert” for scams trying to take advantage of users during the transition. It has repeatedly warned there is no such thing as an ETH2 or ETH 2.0 coin.

Related: Vitalik Buterin impersonators ramp up ETH phishing ahead of The Merge

The upgrade is expected by most onlookers to be a success, given the experience in the previous testnets. However, Bassi said there could still be a chance that scammers or hackers have found a way to game the system:

“We don’t really know if a group of scammers/hackers out there has already developed an attack or DDoS technique against the chain which can be used post-Merge when ETH 2.0 has the full economic value of ETH 1.0 moved over.”

“If there were such an attack it’s likely to only temporarily affect the chain and, possibly, the market as there are a lot of smart eyes watching behavior post-Merge. However, an attacker will likely be looking for the opportunity to monetize any discoveries.”