Allbridge, a multichain token bridge provider, has posted a recovery plan following a recent hack where the project was exploited for roughly $573,000 on April 1. In an April 5 statement, Allbridge said it has already started a compensation process for users despite only “partly recovering funds.” The protocol aims to fully compensate those affected by the exploit with funds available to them.
The compensation plan will prioritize users with funds stuck on the token bridge due to the emergency shutdown. Allbridge aims to compensate its liquidity providers (LPs) following the compensation of these users. An application form is currently being drafted for LPs who could not withdraw their assets, allowing them to apply for compensation and provide details of their losses. The compensation process is expected to commence next week, starting with users who “have used the bridge shortly before the shutdown.”
Allbridge enabled LPs to withdraw their funds on April 2, with the majority withdrawing their assets from the pool. Some, however, could withdraw even more “due to the pool’s disbalance.” Others could not withdraw “a reasonable amount” from the liquidity pool due to some users withdrawing more than their original balances and the hack’s impact on the pools.
The compensation plan comes after Allbridge tweeted on April 3 that 1,500 BNB (BNB), worth approximately $465,000, was returned to the project following a public proposal made to the hacker in an April 1 tweet. The protocol’s exploiter seemingly accepted Allbridge’s offer of a “white hat bounty,” where they could keep a portion of the stolen funds in exchange for an assurance that no legal action would be taken.
Allbridge noted that all affected parties by the exploit will be subject to additional rewards in the future, but compensation remains their main priority. The protocol aims to fully compensate all victims of the exploit with funds available to them.
This compensation plan is a positive step for Allbridge to regain the trust of its users after the hack. While the project was only able to partially recover funds, the compensation process shows a willingness to make affected users whole. The inclusion of an application form for LPs who could not withdraw their assets also shows a willingness to make the compensation process as smooth as possible.
This hack also highlights the importance of security in the DeFi space. While noncustodial protocols allow users to maintain control of their funds, they are also vulnerable to hacks. As the DeFi space continues to grow, it is crucial that projects prioritize security measures to prevent hacks and protect user funds.
Meanwhile, Ethereum-based noncustodial lending protocol Eurler Finance announced on April 4 that it recovered most of the $196 million stolen in a March 13 flash loan attack following successful negotiations. The attacker managed to steal millions worth of Dai (DAI), USD Coin (USDC), staked Ether (stETH), and wrapped Bitcoin (WBTC) in the largest hack of 2023 so far. The quick recovery of stolen funds by Eurler Finance shows the importance of prompt action in mitigating the effects of hacks in the DeFi space.