The decentralized exchange (DEX) and multi-chain swaps platform, Rubic, has suffered a loss of tokens valued over one million after malevolent actors managed to access the private keys of an admin’s wallet.
Early in the Asian timezone, the project’s team disclosed that an admin wallet address responsible for the RBC/BRBC bridge and staking rewards had been breached. “We believe that malicious software was employed to gain entry to the private keys of the admin wallet,” they further elaborated.
In the realm of cryptocurrency, a private key (often known as a secret key) functions as a confidential number associated with an algorithm to both encrypt and decrypt information. Analogous to passwords, these keys ought to remain confidential and only be shared with the person who created it or those explicitly permitted to access the wallet’s contents.
RBC is Rubic’s proprietary token, while BRBC is its wrapped counterpart. BRBC was introduced to facilitate trading on the BSC network, effectively lowering fees and expanding the potential user base for Rubic’s token.
As reported by the development team, the assailant pilfered approximately 34 million RBC and BRBC tokens. These were subsequently traded on the Uniswap and PancakeSwap platforms. At the time of the theft, the value of these tokens exceeded $1.2 million. Intriguingly, the malefactor’s wallet, as pinpointed by Rubic, had assets of over 205 BNB (valued at just above $65,000) in a BNB Chain wallet and an excess of $205,000 in ether in an Ethereum wallet.
As the perpetrator liquidated RBC tokens, the token’s market price plummeted by a staggering 98%. However, there has been a slight recovery since then, with the coin’s value appreciating by more than 15% in the last 24 hours.
The Rubic team sought to reassure its community, stating, “Rubic remains operational without any disruptions, and the funds you’ve staked are secure. The breach wasn’t due to a flaw in our contracts; it was the wallet’s private keys that were accessed unlawfully.”
Rubic Asks the Attacker to Return 80% of the Tokens
In a subsequent tweet, the Rubic team indicated they’ve initiated an investigation into the incident in collaboration with reputable third-party services.
Interestingly, they stated that if the hacker opts to return 80% of the misappropriated funds, they would halt the investigation. The team proposed, “The hacker can retain 20% of the assets as a reward under our bug bounty program, without facing any legal repercussions.”
In related news, Rubic isn’t the sole crypto venture to suffer a security breach recently. It’s been reported that the Panama-based crypto derivatives platform, Deribit, endured a cyberattack, with losses estimated around $28 million.