Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
The cross-chain bridge X Bridge has experienced multiple suspicious transactions, which are still ongoing. A suspicious address was recently funded by Tornado Cash on BNBChain, then bridged to ETH, and subsequently deposited 0.15 ETH into 'OwnedUpgradeabilityProxy.' Shortly after, a withdrawal of 482M STC totaling $824K was made from your 'OwnedUpgradeabilityProxy' contract. Attack method (per SlowMist): Unknown. Reported loss: $ 824,000.
- chain
- —
- protocol
- X Bridge
- bug_class
- unknown
- date_occurred
- 2024-04-24
- loss_usd
- $824,000
- source_id
- sm:x-bridge::2024-04-24