Bitcoin Bridge XLink Revival After $10M Hack
XLink, a prominent bridge in the Bitcoin blockchain ecosystem, is gearing up for its return after it was forced to shut down due to a significant security breach on May 15. The breach resulted in a $10 million loss and involved the Ethereum and BNB Smart Chain (BSC) endpoints. The XLink team first reported the security compromise on May 15 in the early morning hours, setting in motion a series of actions that now allow the company to reinitiate normal operations by May 17.
The security incident occurred when an attacker used a phishing scheme to gain access to private keys, subsequently controlling the BSC and Ethereum endpoints. This unauthorized control enabled the attacker to siphon off approximately $4.3 million. Fortunately, a white hat hacker intervened and successfully recovered the stolen assets shortly after the breach. Despite these efforts, when contacted for comment, XLink did not provide an immediate response.
In an official statement, XLink clarified that only the BSC and Ethereum endpoints were affected by the exploit. The team has managed to recover most of the stolen funds on the BSC; around $5 million, largely in LunarCrush tokens, remains locked on the Ethereum blockchain. The LunarCrush team is actively collaborating with XLink to secure these assets, confirming that the majority of this amount has been either “recovered or secured.”
The cooperation between LunarCrush and XLink has been pivotal in ensuring the safeguarding of the locked $5 million worth of LunarCrush tokens on Ethereum. Measures have been put in place to secure these tokens, although residual crypto funds amounting to approximately $500,000 are still locked. The majority of the funds are, fortunately, accounted for and secure.
In the wake of the hack, XLink took immediate action by suspending all bridge operations. This allowed the team to conduct a thorough investigation, working closely with security partners, including Ancilia, and liaising with their Binance counterparts. Through this collaborative effort, they scrutinized the breach’s scope and impact, making plans to bolster their security framework.
Focused on mitigating risks for their users, XLink advised everyone who had interacted with the compromised contracts to revoke any approved spending limits. The team provided detailed instructions to help ETH and BSC users secure their funds. As the team prepares to reopen the XLink bridge, they emphasized the importance of ensuring that wallets no longer have access to the compromised contracts. This precaution is crucial to sever any lingering vulnerabilities and protect users from potential future attacks.
Failure to revoke access from compromised contracts leaves users at risk of losing their funds to the attackers. The urgency of these preventative actions cannot be overstated, as the reopening of the XLink bridge hinges on the assurance that the security breach risks have been entirely mitigated.
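As an added illustration of the revocation advice above (not code from XLink or from the original article), the sketch below replays ERC-20 Approval logs to find allowances still granted to a compromised spender and builds the approve(spender, 0) calldata that revokes them. The log entries follow the shape returned by eth_getLogs, and every address is a constructed placeholder, not a real XLink contract.

```python
# Added example: list ERC-20 allowances still granted to a compromised spender
# and build the approve(spender, 0) calldata that revokes each one.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, compromised):
    """Replay Approval logs in chain order and return {(token, owner, spender): amount}
    for non-zero approvals to a compromised spender. Tokens need not log spending via
    transferFrom, so the amount is an upper bound; allowance() on-chain is authoritative."""
    compromised = {a.lower() for a in compromised}
    latest = {}
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the signature but has 4 topics
        key = (log["address"].lower(), topic_to_address(topics[1]), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)  # a later approval overwrites an earlier one
    return {k: v for k, v in latest.items() if v > 0 and k[2] in compromised}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0): selector + padded address + zero amount."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

# --- constructed sample data: placeholder addresses, not real contracts ---
TOKEN, BAD, OTHER = "0x" + "11" * 20, "0x" + "de" * 20, "0x" + "cc" * 20
OWNER_A, OWNER_B = "0x" + "aa" * 20, "0x" + "bb" * 20

def make_log(block, index, owner, spender, amount):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": TOKEN, "blockNumber": hex(block), "logIndex": hex(index),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [
    make_log(100, 0, OWNER_A, BAD, 2**256 - 1),  # unlimited approval, never revoked
    make_log(101, 0, OWNER_B, BAD, 500),
    make_log(105, 2, OWNER_B, BAD, 0),           # owner B already revoked
    make_log(106, 0, OWNER_A, OTHER, 1000),      # unrelated spender, ignored
]

if __name__ == "__main__":
    for (token, owner, spender), amount in outstanding_allowances(SAMPLE_LOGS, [BAD]).items():
        print(f"{owner} must send to {token}: {revoke_calldata(spender)}")
```

The calldata is sent by the token owner to the token contract itself, and a zero allowance read back from allowance() confirms the revocation took effect.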
Interestingly, the XLink incident follows closely on the heels of another exploit involving pump.fun, a Solana-based memecoin creation tool. Pump.fun reported that a former employee compromised their internal systems on May 16, executing a “bonding curve” attack and making off with nearly $2 million. Pump.fun has since declared their smart contracts safe and assured users that they will restore 100% of the affected liquidity. These incidents underscore the ongoing vulnerabilities within the blockchain ecosystem and the continuous need for vigilant security practices.
How can we trust XLink again after such a massive breach? $10 million lost is no joke. This doesn’t inspire confidence in their security measures.
Great job XLink! Security and community always come first! So proud of your effort!
XLink’s resilience is admirable! We’ll be right here cheering you on!
Saying only BSC and Ethereum endpoints were affected doesn’t make it any better. It’s still a huge security fail.🛑
Trusting XLink again after such a major lapse in security feels like putting money back into a leaking jar.💸🚫
Big applause to XLink and the teams for their dedication and swift actions!
XLink’s fast recovery is a testament to their resilience! Let’s move forward stronger! 💎✨
This is a disaster waiting to happen again. Phishing attacks shouldn’t be so easy if their security was up to standard.
The fact that a white hat hacker had to step in to recover the funds speaks volumes about XLink’s incompetence.
Love how XLink bounced back so efficiently! Excited for the grand reopening!
Cheers to the rapid recovery of XLink! Good luck with the relaunch!
Why is it always after something goes horribly wrong that companies like XLink decide to ‘bolster their security framework’? Too little, too late.
The timing of this breach so soon after another one with Pump.fun is alarming. Is anyone truly safe in this space?😣
Sad to see another blockchain platform fall victim to such poor security. Makes you wonder if any of them are safe.
Amazing response to a crisis, XLink! You guys rock! Ready for your smooth relaunch!
Way to go XLink! Awesome coordination with LunarCrush. Blockchain collaboration at its best! 🤝💙