Hi guys, on the 7th of December, our bridge was exploited by a bad actor.
10 Dec 2022, 13:06
Hi guys, on the 7th of December, our bridge was exploited by a bad actor. After the exploit the bridge was disabled while we investigated the situation. So here is what we know so far:
1. Someone accessed database
3. The first time they accessed the db was about a month ago, they masked their moves.
4. They were aware of a recent issue on BSC, where when the nodes got stuck the events could be duplicated
5. After our fix, we’ve checked events in the database and skipped duplicates.
The investigation is still ongoing, Artem believes that whoever exploited the contract had access (from the development team) and 100% knew exactly what they were doing, Artem is investigating further to find out who the bad actor was. Going forth, Artem will be the only one with access to the database.
The plan from here:
1. Backup server and database.
2. Change all credentials
3. Change back office wallet.
4. We will not launch the bridge until we are 100% sure it’s safe.
Thank you for your patience guys and we are very sorry this happened, we will do everything in our power to prevent this from happening again. We will update you soon! Enjoy your weekend 😊