The resurrection of Bitcoin bridge XLink is underway with a $10M hack.
XLink is gearing up for a comeback after the Bitcoin (BTC) blockchain bridge was shut down on May 15 following a $10 million hack.
XLink was the victim of a security breach involving Ethereum and BNB Smart Chain (BSC) endpoints. The XLink team first disclosed the breach in the early hours of May 15, and the team is now preparing to resume normal operations on May 17.
The attacker used compromised private keys using a phishing technique that allowed them to take control of BSC and Ethereum endpoints and make an unauthorized withdrawal of $4.3 million. However, according to XLink, the stolen assets were soon recovered by the Whitehat hacker.
Cointelegraph reached out to XLink for comment, but did not receive a response by print. “No endpoints except BSC and Ethereum were affected by this exploit,” the company's official statement said.
While recovery is possible on BSC, nearly $5 million worth of mostly Mooncrash tokens are locked away on the Ethereum blockchain. However, the LunarCrush team is working closely with XLink to secure these funds – most of the $5 million has been “returned or verified.”
Another $5 million worth of funds are locked up on Ethereum, mainly LunarCrush tokens. The @LunarCrush team has taken steps to protect those signals in close coordination with the XLink team.
According to XLink, about $500,000 worth of remaining crypto funds are still locked up on Ethereum, but most of the funds have been returned or secured.
Related: $20M Exploitation Sonne Finance Disabled, Hacker in No Sense of Negotiation
In response to the first incident, the XLink team responded quickly, temporarily suspending all work on the bridge to conduct a thorough investigation. The investigation was carried out in collaboration with the group's security partners – including Ancilia Inc. – and their Binance Group contacts.
XLink insists that all users dealing with breached contracts must waive any authorized spending limits. The group has issued detailed guidelines and links to ETH and BSC users to further reduce financial risk.
As we prepare to reopen XLink, it is urgent that Ethereum and BSC users ensure that their wallets have revoked the old broken endpoint contracts. This step helps to completely cut off any contact with a breached contract and minimize any associated risks.
Users who fail to do so are at risk of losing their funds to the attacker.
Another exploit recently hit a Solana memecoin creation tool pump.fun, after which a former employee took almost $2 million from the firm through a “binding curve” attack.
According to pump.fun on May 16, the former employee took steps to compromise the protocol's internal systems. The smart contracts are declared “secure” and the victims will have “100%” [their] “Liquidity” has been restored.
Magazine: UK cannabis millionaire legal ‘deals on wheels' via crypto