XLink, an established Bitcoin blockchain bridge, is preparing to resume operations after experiencing a significant period of inactivity following a hack that resulted in a loss of approximately $10 million.
The breach occurred at the Ethereum and BNB Smart Chain (BSC) endpoints of the XLink token. The XLink team reported the incident on May 15th at 02:00 UTC and is now preparing to return to normal operations on the night of May 17th.
The hacker used a phishing scheme to gain control of the BSC and Ethereum endpoints and withdrew around $4.3 million without authorization. However, XLink quickly managed to recover the stolen assets, with the hacker returning the funds while wearing a white suit.
Currently, the amount on the BSC stands at $5 million, while the LunarCrush tokens remain locked on the Ethereum blockchain. However, the LunarCrush project, in collaboration with the XLink team, claims to have recovered or secured the majority of the $5 million.
In total, $5 million worth of the stablecoin LunarCrush is locked on the Ethereum platform. XLink has worked closely with the LunarCrush team to secure these tokens, including any previously exchanged ones. Additionally, approximately $500,000 of residual crypto funds have been locked away on the Ethereum platform, with the majority of them being recovered or secured.
Following the initial breach, XLink took immediate action by placing the bridge under supervision and halting all operations to investigate the source of the incident. Their investigation team worked closely with security partners, including Ancilia Inc., as well as representatives from their liaison team at Binance. XLink also notified users who had approved malicious spending limits, instructing them to revoke access immediately.
To ensure user protection, it is crucial for XLink, Ethereum, and BSC users to learn about and revoke access to the old endpoint contracts before the reopening. Failure to do so may leave their wallets vulnerable to further attacks.
In a separate incident, a memecoin creation tool called Shiba Inu, which operates on the Solana blockchain, dispelled rumors that it had allowed users to lose nearly $2 million through a “bonding curve” attack. The company confirmed that the incident was caused by an ex-employee exploiting internal systems and assured victims that their liquidity balances would be fully compensated.
