Cross-chain DEX Rubic Loses Over $1M in Funds After Hackers Gain Access to Private Keys

Cross-chain decentralized exchange (DEX) service Rubic was exploited earlier today after attackers gained access to the private keys of an administrator's wallet.

“One of our admin’s wallet addresses was compromised. This wallet managed the RBC/BRBC bridge and staking rewards,” developers said in a tweet in Asian morning hours. “We suspect it was malicious software that was used to get access to the admin wallet's private keys.”

A private key is a secret number that is used in cryptography, similar to a password. In cryptocurrency, private keys are also used to sign transactions and prove ownership of a blockchain address.

1/4 Rubicans,

One of our admin’s wallet addresses was compromised. This wallet managed the RBC/BRBC bridge and staking rewards.

We suspect it was malicious software that was used to get access to the admin wallet's private keys.

— Rubic 🟩 (@CryptoRubic) November 2, 2022

Around 34 million RBC and BRBC tokens were sold on Uniswap and PancakeSwap. As such, Rubic continues to work without interruption and all user funds are safe. No contracts were exploited.

The 34 million RBC transferred out by the attackers was worth over $1.2 million at press time. Separately, the attacker's wallet flagged by Rubic in a tweet held over 205 BNB, or just over $65,000, in a BNB Chain wallet and over $205,000 worth of ether in an Ethereum wallet.

RBC prices plunged over 98% in the hours following the attack as the attackers sold all stolen tokens en masse. Prices bounced in European morning hours.