Allbridge Core
Summary
Allbridge Core is a cross-chain stablecoin bridge protocol operating across EVM-compatible chains, Solana, Tron, and Stellar. On April 1-2, 2023, the protocol suffered a flash loan price-manipulation exploit on BNB Chain that drained approximately $570,000 from its BUSD and USDT liquidity pools. The attacker was subsequently identified via on-chain analysis by BNB Chain and AvengerDAO, and ultimately returned roughly $465,000 of the stolen funds after Allbridge offered a white hat bounty with immunity from legal action.
Connected Entities
1 entities · 10 linked investigationsTimeline(11 events)
2022-07-10
Kudelski Security completes a security audit of Allbridge Core, finding no significant issues.
Kudelski Security Audit Completed — Allbridge Medium2023-01-12
Kudelski Security publishes a public blog post on mitigating risks in Allbridge Core based on its December 2022 assessment.
Mitigating Risk in the Allbridge Core — Kudelski Security Research2023-01-01
The same wallet later identified as the Allbridge exploiter (labeled 'UF Dao Hacker' on BscScan) allegedly steals approximately $90,000 from the UF Dao protocol in a separate attack.
BNB Chain claims to have identified Allbridge's $570,000 exploiter — The Block2023-04-01
PeckShield publicly alerts Allbridge via Twitter that an address is actively manipulating the swap price of its BNB Chain liquidity pools, acting simultaneously as a liquidity provider and swapper to drain BUSD and USDT pools.
DeFi Cross-Chain Solution Allbridge Exploited For $570,000 — BeInCrypto2023-04-02
Allbridge Core confirms the exploit. Approximately $570,000 is drained from BNB Chain pools (282,889 BUSD and 290,868 USDT). Total losses including a secondary attack are estimated at approximately $650,000. Allbridge immediately locks the bridge.
Decoding AllBridge $570K Flash Loan Exploit — QuillAudits2023-04-02
Allbridge reopens liquidity pools temporarily to allow liquidity providers to withdraw remaining assets. The team engages security partners PeckShield, Hacken, and HAPI Labs.
Allbridge Hack Response: Bridge Locked, White Hat Bounty, LPs Opened for Withdrawals — CryptoNews2023-04-03
BNB Chain and AvengerDAO announce they have identified the exploiter through on-chain analysis. The wallet is linked to the prior UF Dao hack. Centralized exchanges begin freezing associated accounts.
BNB Chain claims to have identified Allbridge's $570,000 exploiter — The Block2023-04-03
Allbridge sends an on-chain message to the attacker offering a 10% white hat bounty and immunity from legal action in exchange for return of stolen funds.
Allbridge offers bounty to exploiter who stole $573K in flash loan attack — CoinTelegraph2023-04-04
The attacker returns approximately 1,500 BNB (roughly $465,000–$466,000), routed through Tornado Cash, to Allbridge's recovery address. Approximately $100,000–$108,000 is retained by the attacker as the bounty. Approximately 507.3 BNB had previously been sent to Tornado Cash in the days after the attack.
Allbridge Hacker Returns 1,500 BNB, Keeps $100,000 as Bounty — BeInCrypto2023-04-04
Allbridge converts returned BNB to BUSD and launches a compensation program for affected liquidity providers, requiring them to submit application forms.
DeFi Project Allbridge Recovers Most of Stolen $570K — DailyCoin2023-05-30
Allbridge publishes a relaunch update post describing security fixes implemented: single pool per chain, automatic pool shutdown on depeg, emergency pause controls, and open-sourced contracts on GitHub.
Allbridge Core Updates Following the Relaunch — Allbridge MediumDecision Log
- hash: 7L9Nf4y56HAt5YkY3shHcvyoi4WTfk663ND1iRjUHhUM
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-5
generated: 5/4/2026, 2:54:43 AM
last updated: 5/30/2026, 12:14:39 PM
avoid.net — verified advice for a post-truth world