Wu learned that according to Blockaid monitoring, BitTorrent's BTTC cross-chain bridge on Ethereum was allegedly attacked, with approximately $13.3 million in assets transferred out, including about 7,285 ETH and various ERC-20 assets. Blockaid stated that after the BTTC cross-chain bridge administrator Safe performed a privileged proxy upgrade, the attacker obtained the CFO_ROLE permission for the upgraded RootChainManager contract and called the withdrawAll(address[]) function to transfer ETH and ERC-20 assets from the bridge Predicate contract.

BTT-1.10%
ETH-1.78%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 2
  • 1
  • Share
Comment
Add a comment
Add a comment
Lightning-FastComposure
· 2h ago
WithdrawAll from within the Predicate contract—the function name is so direct that even hackers find it convenient.
View OriginalReply0
StakingSparrow
· 3h ago
Safe multisig upgrade was instantly exploited, the attacker was quite precise in lying in wait. The bridge's security model needs to be re-evaluated.
View OriginalReply0
  • Pinned