The cross-chain bridge got exploited yet again, $13.3 million gone in an instant. The Safe multi-sig upgrade turned into a backdoor instead. This plot is so familiar it hurts.

SAFE-2.75%
View Original
WuSaidBlockchainW
Wu learned that according to Blockaid monitoring, BitTorrent's BTTC cross-chain bridge on Ethereum was allegedly attacked, with approximately $13.3 million in assets transferred out, including about 7,285 ETH and various ERC-20 assets. Blockaid stated that after the BTTC cross-chain bridge administrator Safe performed a privileged proxy upgrade, the attacker obtained the CFO_ROLE permission for the upgraded RootChainManager contract and called the withdrawAll(address[]) function to transfer ETH and ERC-20 assets from the bridge Predicate contract.
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned