Rubic, a service that allows users to swap cryptocurrencies between different exchanges, was exploited earlier Wednesday after attackers gained access to the private keys of an administrator's wallet.
“One of our admin’s wallet addresses was compromised. This wallet managed the RBC/BRBC bridge and staking rewards,” developers said in a tweet during morning hours in Asia. “We suspect it was malicious software that was used to get access to the admin wallet's private keys.”
A private key is a secret number that is used in cryptography, similar to a password. In cryptocurrency, private keys are also used to sign transactions and prove ownership of a blockchain address.
Around 34 million RBC and BRBC tokens were sold on the Uniswap and PancakeSwap exchanges. As such, Rubic continues to work without interruption and all user funds are safe. No contracts were exploited.
The 34 million RBC transferred out by the attackers was worth over $1.2 million at press time. Separately, the attacker's wallet flagged by Rubic in a tweet held over 205 BNB, or just over $65,000, in a BNB Chain wallet and over $205,000 worth of ether in an Ethereum wallet.
RBC prices plunged over 98% in the hours following the attack as the attackers sold all stolen tokens en masse. Prices bounced during European morning hours.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.