XLink, a well-known Bitcoin blockchain bridge, is gearing up for a comeback following its shutdown on May 15 due to a significant hack that resulted in a loss of $10 million.
The security breach targeted XLink’s Ethereum and BNB Smart Chain (BSC) endpoints, prompting the team to disclose the incident on May 15. As the day draws to a close on May 17, the XLink team is preparing to resume its normal operations after addressing the issues caused by the hack.
Despite the recovery on the BSC, approximately $5 million in mostly LunarCrush tokens remain locked on the Ethereum blockchain. However, the LunarCrush team is working closely with XLink to secure these funds — the majority of the $5 million has been “recovered or secured.”
Another $5 million worth of funds are locked on Ethereum, mainly LunarCrush tokens. The @LunarCrush team, in close coordination with the XLink team, has implemented measures to secure those tokens.
According to XLink, residual crypto funds worth around $500,000 are still locked on Ethereum, but a majority of the funds have been either recovered or secured.
In response to the initial incident, the XLink team reacted quickly, temporarily suspending all operations on the bridge to conduct a thorough investigation. The investigation was carried out collaboratively with the team’s security partners — including Ancilia — and their Binance team liaisons.
XLink has insisted that all users who interacted with the compromised contracts should revoke any approved spending limits. The team issued detailed instructions, and links were provided for ETH and BSC users to mitigate further risk to funds:
“As we prepare to reopen XLink, it is urgent that Ethereum and BSC users check that their wallets have revoked access to the old compromised endpoint contracts. This step will assist in completely severing any connections with the compromised contract and mitigating any associated risks.”
Users failing to do so remain at risk of losing their funds to the attacker.
Another exploit recently hit pump.fun — a Solana memecoin creation tool — after it was claimed that a former employee took the firm for almost $2 million through a “bonding curve” attack.
According to pump.fun, on May 16, the ex-employee took actions to compromise the protocol’s internal systems. The smart contracts have since been announced as “safe,” and victims of the incident will have “100% of [their] liquidity” restored.
