A large portion of the roughly $573,000 pilfered from the multichain token bridge Allbridge has been returned after the exploiter seemingly took up the project’s offer for a white hat bounty and no legal retaliation.
“The remaining funds will be considered a white hat bounty to this person,” Allbridge said.
Update on the exploit
1/ Our team was contacted by the owner of https://t.co/EW1uxXBQpD.
1500 BNB was returned to our team. The remaining funds will be considered a white hat bounty to this person.
— Allbridge (@Allbridge_io) April 3, 2023
It explained that all the “received BNB” was then converted to the stablecoin Binance USD (BUSD) to be used as compensation.
Blockchain security firm PeckShield first identified the attack carried out on April 1, warning Allbridge in a tweet that the swap price of its BNB Chain pools was being manipulated by an individual acting as a liquidity provider and swapper.
Following the exploit, Allbridge offered the attacker a bounty and the chance to escape any legal ramifications.
Allbridge has yet to publicly disclose how much was stolen, but blockchain security firm CertiK said the sum is close to $550,000, while PeckShield said the exploit netted $282,889 in BUSD and $290,868 worth of Tether (USDT), totaling roughly $573,000.
Allbridge also revealed that a second address used the same exploit and shared a link to a wallet that currently contains 0.97 BNB, valued at around $300.
“We ask the second exploiter to reach out and discuss the return,” Allbridge said.
Following the initial exploit, Allbridge made it clear they were hot on the trail of the stolen funds and were working with a wide variety of organizations to retrieve the stolen loot.
BNB Chain has identified the Allbridge attacker following on-chain analysis. We are actively supporting the Allbridge team on the fund recovery. The Allbridge team has offered the hacker a bounty.
We’d like to recognize the effort of AvengerDAO in this recovery effort.
— BNB Chain (@BNBCHAIN) April 2, 2023
According to BNB Chain, it is “actively supporting the Allbridge team on the fund recovery,” and it gave a shout-out to AvengerDAO for its efforts in the recovery.
Cointelegraph contacted Allbridge for further comment but did not receive an immediate response.