- The cross-chain protocol Allbridge has suffered a $570,000 attack.
- The project confirmed the incident and temporarily closed the bridge for further investigation.
- DeFi projects lost over $200 million in March.
BNB Chain pool and cross-chain solutions provider Allbridge suffered a $570,000 attack, according to blockchain security firm Peckshield.
Peckshield first detected the attack and informed Allbridge about possible manipulation of its swap formula. According to the firm, the hacker manipulated the pool swap price, acting as a liquidity provider and trader, allowing them to drain the pool of 282,889 BUSD and 290,868 USDT.
Meanwhile, Allbridge confirmed the incident and temporarily closed the bridge for further investigation.
We are investigating the current situation with the BNB Chain pools.
The bridge has been temporarily shut down during the investigation.
We apologize for the inconvenience.
— Allbridge (@Allbridge_io) April 2, 2023
How Was AllBridge Attacked?
Another blockchain security firm, Certik, confirmed the reports of the Allbridge attack. According to the firm, the attacker stole approximately $549,874 by manipulating the pool swap price.
Allbridge Exploit (Source: Peckshield)
The firm detailed that the attacker first took out a 7.5 million BUSD flash loan, converted two million to BUSD, and deposited five million into the BUSD pool. Then, the attacker converted 500,000 BUSD to USDT and deposited two million USDT into the USDT pool.
Certik detailed that the attacker used these funds to manipulate prices on Allbridge, repay the flash loan, and result in the stolen funds.
3/ Next, the attacker swapped 40K BUSD for 789,632 USDT at a manipulated price on Allbridge and withdrew 1,995,193 USDT from the USDT pool.
Finally, the attacker swapped 2,786,062 USDT for 2,789,971 BUSD and repaid the flashloan.
— CertiK Alert (@CertiKAlert) April 2, 2023
DeFi Projects Lost $211 Million in March
In March, 26 crypto projects suffered a total loss of $211 million, according to Peckshield. The attack on Euler Finance on March 13 was responsible for 90% of the recorded losses.
Mart Ayının En İyi 5 DeFi Saldırısı Kaynak: PeckShield
Other major attacks of the month included projects such as Safemoon, ParaSpace, TenderFi, and Swerve Finance. All of them lost over $1 million, with Safemoon’s liquidity pool attack resulting in a loss of $8.9 million.
Throughout the period, a malicious actor stole 56 Bitcoin ($1.5 million) from General Bytes bitcoin ATMs. The ATM manufacturer stated that the attack gained access to hot wallets and exchanges. General Bytes released a fix for this attack.
Overall, March was the busiest hacker month of the year so far. According to DeFillama data, hackers stole less than $40 million between January and February.
Meanwhile, the rate of DeFi attacks has significantly decreased this year compared to 2022. At that time, several major attacks resulted in losses of over $4 billion.
Disclaimer
All information on our website is published in good faith and for general information purposes only. Any action taken by the reader based on the information found on our website is entirely at their own risk.
