Cross-Chain DEX Rubic Loses Over $1M in Funds After Hackers Gain Access to Private Keys
Developers suspect the attackers accessed the admin wallet's private keys using malicious software.
Nov 2, 2022 at 12:09 p.m. UTC:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/BA52HMJWUVHRBJY77WMBR7SULA.jpg)
/arc-photo-coindesk/arc2-prod/public/LXF2COBSKBCNHNRE3WTK2BZ7GE.png)
Rubic, a service that allows users to swap cryptocurrencies between different exchanges, was exploited earlier Wednesday after attackers gained access to the private keys of an administrator's wallet.
“One of our admin’s wallet addresses was compromised. This wallet managed the RBC/BRBC bridge and staking rewards,” developers said in a tweet during morning hours in Asia. “We suspect it was malicious software that was used to get access to the admin wallet's private keys.”
A private key is a secret number that is used in cryptography, similar to a password. In cryptocurrency, private keys are also used to sign transactions and prove ownership of a blockchain address.
Around 34 million RBC and BRBC tokens were sold on the Uniswap and PancakeSwap exchanges. As such, Rubic continues to work without interruption and all user funds are safe. No contracts were exploited.
The 34 million RBC transferred out by the attackers was worth over $1.2 million at press time. Separately, the attacker's wallet flagged by Rubic in a tweet held over 205 BNB, or just over $65,000, in a BNB Chain wallet and over $205,000 worth of ether in an Ethereum wallet.
RBC prices plunged over 98% in the hours following the attack as the attackers sold all stolen tokens en masse. Prices bounced during European morning hours.
:format(webp)/s3.amazonaws.com/arc-authors/coindesk/6c6bb5af-692c-4fcf-9f8b-a75d0549effd.png)
Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.