Bitcoin Bridge XLink Bounces Back Despite $10M Hack

After shutting down on May 15, bitcoin Bridge XLink bounces back despite a $10M theft thanks to a neighborhood white hat hacker.

XLink, a well-established blockchain bridge for Bitcoin BTC (down $66,154), is preparing for a comeback after being shut down on May 15 due to a $10 million breach.

A security vulnerability compromised XLink’s Ethereum and BNB Smart Chain (BSC) endpoints. The XLink team initially disclosed the breach during the early hours of May 15. As of May 17, the breach has been resolved, and the team is preparing to return to regular operations.

By utilizing compromised private keys obtained through deception, the assailant gained unauthorized access to the BSC and Ethereum endpoints and withdrew approximately $4.3 million. Nevertheless, a whitehat hacker recovered the plundered assets shortly after that, according to XLink.

When Cointelegraph attempted to contact XLink for comment, it had yet to obtain a reply as of publication. “Only BSC and Ethereum were impacted by this vulnerability,” the organization stated in an official statement.

Around $5 million in tokens, the majority of which are LunarCrush tokens, remain trapped on the Ethereum blockchain despite the recovery of the BSC. Nonetheless, the LunarCrush team is collaborating closely with XLink to ensure the security of these funds; thus far, a substantial portion of the $5 million has been “recovered or secured.”

Another $5 million worth of funds are locked on Ethereum, mainly LunarCrush tokens. The @LunarCrush team, in close coordination with the XLink team, has implemented measures to secure those tokens.

XLink reports that approximately $500,000 in residual cryptocurrency funds remain on Ethereum; however, most funds have been recovered or secured.

Promptly following the initial incident, the XLink team temporarily halted all bridge operations to carry out an extensive investigation. The investigation was conducted with the Binance team liaisons of the team’s security partners, including Ancilia Inc.

XLink has mandated that all users who engaged with the compromised contracts revoke any authorized spending limits. Links and comprehensive instructions were furnished to ETH and BSC users to alleviate additional risks to their funds.

As we prepare to reopen XLink, it is urgent that Ethereum and BSC users check that their wallets have revoked access to the old compromised endpoint contracts. This step will assist in completely severing any connections with the compromised contract and mitigating any associated risks.

Users who fail to do so expose themselves to the continued threat of having their funds compromised by the perpetrator.

Recently, another vulnerability was discovered in the Solana memecoin creation tool pump.fun, following reports that a former employee used a “bonding curve” attack to steal nearly $2 million from the company.

As reported by pump.fun on May 16, the former employee engaged in activities that compromised the internal systems of the protocol. It has been declared that the smart contracts are “safe” at this time, and “one hundred percent of [their] liquidity” will be restored to those affected.