Decentralized Exchange Rubic Loses $1,000,000 in Exploit Involving Private Keys
Multi-Chain swaps protocol and decentralized exchange (DEX) Rubic has lost over one million worth of tokens after attackers gained access to the private keys of an administrator's wallet.
During morning hours in Asia, the project developers revealed that one of their admin’s wallet addresses that managed the RBC/BRBC bridge and staking rewards was compromised. "We suspect it was malicious software that was used to get access to the admin wallet's private keys," they added.
In crypto, a private key, also referred to as a secret key, is a secret number that is used with an algorithm to encrypt and decrypt data. Secret keys are comparable to passwords, and thus should only be shared with the key's generator or parties authorized to decrypt a wallet.
RBC is the native token of Rubic and BRBC is a wrapped version of the token. BTBC was created to allow users to trade in the BSC network, providing decreased overall fees and increasing the opportunity for more users to use Rubic’s token.
According to the team, the attaker stole around 34 million RBC and BRBC tokens and sold them on the Uniswap and PancakeSwap exchanges. The tokens were worth over $1.2 million at the time. Notably, the attacker's wallet flagged by Rubic held over 205 BNB, or just over $65,000, in a BNB Chain wallet and over $205,000 worth of ether in an Ethereum wallet.
As the attacker was selling RBC tokens, the price of the coin plunged by over 98%. However, the coin has since trimmed some losses, gaining over 15% over the past day.
"Rubic continues to work without interruption and your staking funds are safe. None of our contracts were exploited, rather it was the private keys of the wallet that were compromised," the team said.
Rubic Asks the Attacker to Return 80% of the Tokens
In another tweet, the team behind the project said they have already started to investigate the case with reliable and trustworthy third-party services.
However, they noted that they won't proceed with the investigation if the hacker decides to return 80% of the stolen funds. "They can have 20% of the assets as part of the bug hunting campaign without any legal consequences," the team said.
Meanwhile, Rubic is not the only crypto project that has been exploited recently. As reported, Panama-based crypto derivatives exchange Deribit was also hit with a hack estimated to be worth some $28 million.