Extensive recovery effort leads to recovery plan after security breach
XLink, a popular Bitcoin blockchain bridge, is set to recover after a devastating $10 million hack that temporarily halted operations. The security breach, first reported on May 15, affected the bridge’s Ethereum and BNB Smart Chain (BSC) endpoints.
Details of Hacking and Recovery Efforts
The breach resulted from private keys obtained through a phishing attack being compromised, allowing for the unauthorized withdrawal of approximately $4.3 million. However, thanks to the intervention of white hat hackers, much of the stolen assets were quickly recovered.
During the operational outage, the XLink team worked with security partners and Binance liaisons to conduct an extensive review to secure the platform and prevent further incidents. Most of the stolen funds, including a significant amount of LunarCrush tokens, have now been recovered or secured, and ongoing efforts are underway to recover the remainder.
Ready to resume
As XLink prepares to resume normal operations, it has issued emergency guidance to its users, particularly those who have interacted with compromised contracts on Ethereum and BSC. The bridge team provided detailed guidance on how to revoke approved spending limits to mitigate further risk.
User Responsibilities and Security Measures
XLink emphasizes that it is important for users to revoke access to old, compromised endpoint contracts to protect their funds from potential threats. This proactive action is important to ensure that users sever all ties to compromised contracts and protect their assets.
Ongoing security and future protection measures
In light of recent attacks, XLink is strengthening its security measures to make its platform more secure and restore user trust. Bridge’s commitment to security and transparency remains steadfast as it addresses the challenges posed by the digital asset environment.
The incident at XLink is part of a broader trend of security concerns within the cryptocurrency industry. For example, another recent exploit targeted Pump.fun, a Solana-based memecoin creation tool, resulting in significant financial losses due to a “bond curve” attack. Despite these challenges, affected platforms are taking strong steps to address vulnerabilities and compensate affected users.
Impact on the industry and future direction
As XLink and other platforms recover from security breaches, the cryptocurrency industry continues to evolve, highlighting the need for improved security protocols and user education to prevent similar incidents in the future. The resilience and rapid response of these platforms demonstrates their commitment to user protection and the overall health of the cryptocurrency ecosystem.
XLink Bridge Incident Update:
We have recently identified a security issue with XLink Bridge. Our team acted quickly to block the attack vector.
XLink endpoints for Ethereum and BNB are compromised. Endpoints on other chains, including Bitcoin multisig, are not affected…
— XLink.btc – Connects all Bitcoin Layer 2 (@XLinkbtc) May 15, 2024