A significant portion of the roughly $573,000 stolen from multi-chain token bridge Allbridge has been returned, as exploiters appear to have accepted the project’s white hat bounty offer and refrained from legal retaliation.
Allbridge tweeted on April 3 that it received a message from an individual and 1,500 BNB, valued at approximately $465,000, was returned to the project. "The remaining funds will be considered a white hat bounty on that individual," Allbridge said.
It explained that all “received BNB” was then converted into the stablecoin Binance USD used as compensation.
Blockchain security firm Peckshield, which first discovered the attack on April 1, warned Allbridge in a tweet that its BNB on-chain pool swap prices were being manipulated by individuals acting as liquidity providers and exchangers. After exploiting the vulnerability, Allbridge offered the attacker a bounty and the opportunity to escape any legal consequences.
Allbridge has not publicly disclosed the stolen amount, but blockchain security firm CertiK said the amount was closer to $550,000, while PeckSheild said the exploit netted $282,889 in BUSD and $290,868 in Tether, totaling approximately $573,000. Allbridge also revealed that the second address used the same exploit and shared a link to a wallet that currently contains 0.97 BNB, worth about $300. "We asked the second exploiter to reach out and discuss returns," Allbridge said. After the initial exploit, Allbridge made it clear that it was tracking the stolen funds and was working with various organizations to recover the stolen loot.
BNB Chain was one of those heeding the call, reporting in an April 2 tweet that it had identified at least one of the culprits involved through on-chain analysis. According to BNB Chain, it "actively supports the Allbridge team in recovering funds" and applauds AvengerDAO for its recovery efforts.
