XLink, a Bitcoin blockchain bridge, is set to resume operations on May 17 after a shutdown due to a $10 million hack on May 15.
XLink, an established Bitcoin blockchain bridge, is preparing for a resurgence following its forced shutdown on May 15 due to a $10 million hack.
XLink Involved In Hack
A security compromise occurred at XLink, which involved its Ethereum and BNB Smart Chain (BSC) endpoints. This hack was perpetrated on XLink.
The team first announced the breach in the early hours of May 15, and they are finally preparing to resume normal operations on May 17.
The attacker used compromised private keys in a phishing scam to take control of the BSC and Ethereum endpoints and withdraw approximately $4.3 million without authorization.
But it claims that a hacker wearing a white hat was able to retrieve the stolen assets in a short amount of time. “This exploit did not affect any endpoints other than BSC and Ethereum,” the firm said in its official statement.
Despite the recovery on the BSC, approximately $5 million worth of tokens, primarily LunarCrush tokens, remain locked on the Ethereum blockchain.
However, the LunarCrush team is working closely with XLink to safeguard these funds, having “cleaned or secured” the majority of the $5 million.
Another $5 million worth of funds are locked on Ethereum, mainly LunarCrush tokens. The @LunarCrush team, in close coordination with the XLink team, has implemented measures to secure those tokens.
According to them, there is still crypto money worth approximately $500,000 that is locked on Ethereum, however, the majority of these funds have either been recovered or secured before they were locked on Ethereum.
The team swiftly responded to the initial incident, leading to the temporary halt of all bridge operations to conduct a thorough investigation.
We carried out the investigation cooperatively with the team’s security partners, including Ancilia, and their liaisons from the Binance team.
XLink mandates that all users involved in the compromised contracts must withdraw any approved spending limitations.
To mitigate any additional risk to funds, the team released comprehensive guidelines and made links available to users of ETH and BSC. Users continue to put themselves at risk of having their funds stolen by the attacker if they fail to do so.
“As we prepare to reopen XLink, it is urgent that Ethereum and BSC users check that their wallets have revoked access to the old compromised endpoint contracts. This step will assist in completely severing any connections with the compromised contract and mitigating any associated risks.”
A former employee allegedly used a “bonding curve” attack to steal approximately $2 million from pump.fun, a platform for creating Solana memecoins.
We recently discovered this issue after reporting another exploit on the tool. Pump.fun reports that on May 16, the former worker initiated activities aimed at undermining the protocol’s internal mechanisms.
Since then, it has been declared that the smart contracts are reliable, and those who were affected by the incident will have “one hundred percent of their liquidity” restored.