- XLink, a Bitcoin blockchain bridge, is set to resume operations after a $10 million hack compromised its Ethereum and BSC endpoints.
- Most of the stolen funds, including a significant portion of LunarCrush tokens, have been recovered or secured.
- Users are urged to revoke access to compromised contracts to mitigate further risks.
XLink, a Bitcoin blockchain bridge, is gearing up to restart services following a significant security breach that resulted in a $10 million hack. The breach, which specifically affected its Ethereum and Binance Smart Chain (BSC) endpoints, occurred in the early hours of May 15. The XLink team has worked diligently over the past few days and is now nearing the completion of recovery efforts as of May 17.
Incident Details and Response
The security breach was executed via compromised private keys obtained through a phishing scheme. This allowed the attacker unauthorized control over the BSC and Ethereum endpoints, leading to the withdrawal of approximately $4.3 million. Fortunately, a white hat hacker intervened shortly after, helping to recover the stolen assets.
Despite the initial success in recovering funds on the BSC, about $5 million in LunarCrush tokens remained locked on the Ethereum blockchain. Collaborative efforts between the LunarCrush team and XLink have since secured the majority of these funds, with only about $500,000 still locked but considered secure.
Comprehensive Recovery and Safety Measures
In response to the hack, XLink temporarily suspended all operations on the bridge to conduct a thorough investigation and implement necessary security measures. The investigation, conducted in partnership with security firm Ancilia and liaisons from Binance, was aimed at understanding the breach’s extent and preventing future incidents.
XLink has issued a strong recommendation for all users who interacted with the compromised contracts to revoke any approved spending limits to avoid further risks. Detailed instructions and links for revoking these permissions on both ETH and BSC have been provided by XLink, emphasizing the urgency of these actions to ensure user safety.
