XLink announced a partnership with cybersecurity firm Kaamel Technology on May 20. The collaboration will thoroughly investigate the ‘root cause’ of a data breach on May 15 that involved nearly $10 million of user funds.
XLink stated that Kaamel Technology would conduct a ‘deep investigation’ and take measures to ‘eliminate vulnerabilities and prevent future misconduct.’
Bitcoin Bridge XLink Partners with Kaamel Technology Following Security Breach
XLink disclosed that it has “accelerated” collaborations with cybersecurity firms to strengthen the platform’s defenses against future breaches.
XLink Security Update – May 20, 2024
We are pleased to announce that XLink is taking decisive actions to reinforce the security of our platform. Our first major initiative is the strategic engagement with Kaamel Technology for Incident Response.
In response to the recent… pic.twitter.com/Lk84YdAVCc
— XLink.btc – Bridges All Bitcoin Layer 2s (@XLinkbtc) May 20, 2024
To enhance its security measures further, XLink is expediting its partnership with Ancilia Inc. to boost “real-time on-chain monitoring infrastructure.”
Ancilia played an important role in the recent incident by alerting XLink to the attack, allowing the bridge provider to take swift actions that prevented additional fund losses.
Additionally, XLink is collaborating with Cobo, its BTC custodian, to expand its setup and expedite migrating its web3 key management to the Cobo MPC infrastructure. XLink emphasized that in addition to its partnerships with Cobo, Ancilia, and Kaamel Technology, it plans to announce further partnerships in the future as part of its efforts to enhance the security of its platform.
XLink Recovers Stolen Assets
XLink’s security breach involved its Ethereum and Binance Smart Chain (BSC) endpoints. The breach saw around $4.3 million lost after the attacker obtained private keys through a phishing scheme. Swift action by a white hat hacker led to the recovery of the stolen assets, however.
Xlink Security Update:
Following our announcement of the security incident at XLink, with the support of a whitehat (at 0x27055ae433e9dcb30f6ebcc1a374cf5cc03c484e), all the assets of Xlink users that were taken by the XLink exploiter from the impacted smart contract on BSC have…
— XLink.btc – Bridges All Bitcoin Layer 2s (@XLinkbtc) May 15, 2024
The company clarified that the exploit only affected the BSC and Ethereum endpoints, with other endpoints remaining secure.
Responding to the breach, XLink promptly suspended all operations on the bridge to facilitate a thorough investigation in partnership with security experts and liaisons from Binance. The company urged users who interacted with the compromised contracts to revoke any approved spending limits as a precautionary measure to mitigate further risks.
In a related incident, Bitcoin layer-2 developer Alex Labs, the creator of the XLink bridge, suffered a separate attack on May 15. Due to compromised private keys, the attacker stole approximately $13.7 million in Stacks (STX) tokens.