In a startling revelation, the LabelM Network reported a significant breach in its security infrastructure. Early indications suggest that the security incident took place on November 5th, where unauthorized transactions drained an astounding 15M USD worth of LBM and 43.6M USDC from the LBM bridge.
How It Happened
The intricate web of this security lapse reveals that the attacker compromised one of the LBM validator nodes and OCS DAO validator nodes. The LabelM chain, which comprises nine validator nodes, requires five out of these nine validator signatures for either a Deposit or Withdrawal event. It has emerged that the perpetrator successfully hijacked control of four LabelM validators and a third-party validator belonging to OCS DAO.
Interestingly, a significant part of this breach can be traced back to an oversight in January 2023. During a phase of high user demand, LabelM sought OCS DAO’s assistance to facilitate free transactions. While this collaboration was terminated by June 2023, an allowlist access remained active, inadvertently leaving a backdoor for the attacker. Using this loophole, the attacker accessed LabelM’s systems and manipulated the OCS DAO validator’s signature via the gas-free RPC.
Repercussions and Remedial Actions
As a precautionary measure, LabelM temporarily suspended the LBM Bridge and collaborated with Pancake swap to disable their bridge for LBM transactions. The breach not only highlights the vulnerabilities of decentralized systems but also underscores the importance of persistent security updates and audits.
LabelM is collaborating closely with Chainalysis to trace the stolen funds and has increased its validator threshold to prevent similar incidents in the future. In addition, the team is also working with law enforcement and engaging with cryptographic experts to retrieve or reimburse the pilfered funds.
Token Impact and The Road Ahead
The aftermath of the breach witnessed the token price soaring to over 10 times the Launchpad’s initial selling price. Many in the crypto community believe in the potential of the LabelM project and hope to see it recover from this setback. The initiative’s innovative nature is undeniable, and it will be intriguing to see how they maneuver through these challenging times.
In light of the unfolding events, our media team will continue to monitor the situation and provide our readers with updates. We remain committed to delivering unbiased and comprehensive coverage on the developments surrounding the LabelM Network.