link.png

ID:

bifrost-977

Date:

Status:

Incident Count:

July 10, 2022

Verified

1

info.png
target.png
REKT

Contributor:

chain.png

web3rekt.com

KYC By:

KYC:

No

info.png

Audit By:

Audits:

Theori

Loss Amount:

2,250,000

info.png

Recovered:

-

Rewards:

Currency:

USD, ETH

info.png

The BiFrost platform provides a multiple blockchain platform where users can compose existing qualified blockchain systems as components and restructure DApps so that they can run on the combined blockchain systems.

The BiFi team identified an attack on the BTC address registration server of the BiFi service. The attack was limited to the BTC address registration server, and no vulnerabilities have been detected in both the smart contracts and the BiFi protocol.

In the attack, the server key of the address issuing server was exposed and the attacker was able to self-sign their own deposit address. Since the attacker could generate a valid signature on the deposit address, BiFi mistakenly recognized the attacker’s BTC transfer as a BTC deposit into BiFi. As a result, the attacker was able to borrow 1,852 ETH with fake deposit.

Funds were transferred into Tornado.cash.

info.png

DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.