Allbridge rewards flash loan attacker who took $573K

The attacker who exploited the multichain token bridge Allbridge for $573,000 has been invited to become a white hat and get a reward.

On April 1, blockchain security startup Peckshield tweeted to Allbridge that a liquidity provider and swapper had manipulated the BNB Chain Pool swap price to drain $282,889 in Binance USD and $290,000 in Tether.

After the breach, Allbridge offered an undetermined bounty and the chance to escape legal repercussions in a tweet on April 1.

“Please contact us through the official means (Twitter or Telegram) or by text so we can consider this a white hat hack and negotiate the bounty in exchange for returning the funds,” Allbridge said.

Allbridge tweeted that they are pursuing the stolen funds.

Allbridge is “tracking the hacker through social networks” with its “partners and community.”

“We continue to monitor the breachers’ wallets, transactions, and related CEX accounts,” the statement said.

Allbridge said it is working with law enforcement, legal firms, and affected projects.

After fixing the issue, Allbridge’s bridge protocol will be reopened.

“We are also building a liquidity provider online interface to enable asset withdrawal,” the statement said.

Blockchain security firm CertiK analyzed the hack and called it a flash loan attack in an April 1 study.

CertiK reported that the attacker got a $7,500,000 BUSD flash loan, then initiated USDT swaps before depositing in BUSD and USDT liquidity pools on Allbridge. This changed the USDT pool price, allowing the hacker to trade $40,000 BUSD for $789,632 USDT.

PeckShield tweeted on March 31 that 26 crypto projects were attacked in March, costing $211 million.

The March 13 Euler Financial hack caused over 90% of the damages, while other costly exploits damaged Swerve Finance, ParaSpace, and TenderFi.