On May 20, Bitcoin bridge XLink revealed a partnership with cybersecurity firm Kaamel Technology, marking its first significant effort to address a security incident that occurred on May 15.
This breach compromised its Ethereum and BNB Smart Chain (BSC) endpoints, resulting in the unauthorized withdrawal of approximately $10 million in user funds. In response, XLink has heightened its security measures by also accelerating its collaborations with Ancilia and Cobo to enhance the platform’s defenses against potential future incidents.
Details of the Security Breach
The breach, disclosed by XLink on May 15, compromised the platform’s Ethereum and BNB Smart Chain endpoints. Attackers exploited compromised private keys through a phishing scheme, allowing unauthorized withdrawals of approximately $4.3 million. Fortunately, a white hat hacker soon recovered the stolen assets on the BSC. Despite this, about $5 million, mostly in LunarCrush tokens, remains locked on the Ethereum blockchain. The LunarCrush team is working closely with XLink to secure these funds, with most of the $5 million already recovered or secured.
Kaamel Technology’s role in the partnership is to conduct an in-depth investigation into the breach, identifying the root cause and implementing measures to eliminate vulnerabilities. XLink has stated that this strategic engagement aims to ensure the platform’s security is reinforced against future incidents.
In addition to this partnership, XLink is enhancing its real-time on-chain monitoring infrastructure through its collaboration with Ancilia Inc. Ancilia played a crucial role in alerting XLink to the recent attack, enabling timely mitigation actions that prevented further theft. XLink emphasized that the partnership with Ancilia is vital for maintaining robust security measures and real-time threat detection.
Moreover, XLink is expanding its partnership with its BTC custodian, Cobo. This expansion involves accelerating the migration of XLink’s web3 key management to Cobo’s MPC (Multi-Party Computation) infrastructure. XLink highlighted Cobo’s robust setup, which secured the reserve asset of aBTC, as a critical component of their enhanced security measures.
Impact on Alex Labs
The security breach on May 15 also affected Bitcoin layer-2 developer Alex Labs, the creator of the XLink bridge. Approximately $13.7 million in Stacks tokens were siphoned from Alex Labs due to compromised private keys. The hacker gained control of a vault management system related to the ALEX liquidity pool, stealing all assets within the vault. About 3 million STX tokens were transferred to various centralized exchanges (CEXs). The ALEX team is actively monitoring the hacker’s wallet, and all known CEX accounts related to the hacker have been frozen.
To mitigate further risks, the ALEX team has set up multiple alarms to monitor suspicious addresses potentially created by the attacker. They have also shared current forensic data with relevant CEXs. The team is evaluating the use of ALEX reserves held by the ALEX Lab Foundation to fund the Treasury Grant Program. Additionally, they are considering issuing a SIP (Stacks Improvement Proposal) to the Stacks community to destroy the unrecovered stolen STX tokens and issue new tokens to affected users.
Commitment to Security
XLink has expressed its commitment to fortifying the platform’s security through these partnerships and ongoing efforts. The company plans to announce additional collaborations in the future to ensure comprehensive security measures are in place. The swift actions and strategic engagements with cybersecurity experts are part of XLink’s broader initiative to enhance the platform’s resilience against threats and protect user assets.
As the investigation into the breach continues, XLink and its partners remain focused on addressing vulnerabilities and implementing robust security protocols. The coordinated efforts between XLink, Kaamel Technology, Ancilia Inc., and Cobo represent a significant step towards securing the Bitcoin bridge platform and restoring user confidence. The incident underscores the importance of proactive security measures in the rapidly evolving cryptocurrency landscape, where vigilance and collaboration are key to safeguarding digital assets.
The post Kaamel Technology to Head Investigation into XLink’s $10 Million Security Breach appeared first on Coinfomania.