Syndicate Labs Private Key Leak Attack: Approximately 18.5 million SYND Tokens Transferred, Promises Full Reimbursement to Users

BlockBeats News, May 1st. According to official sources, Syndicate Labs disclosed that a private key leak resulted in a malicious upgrade of the cross-chain bridge contract on two chains. The attacker transferred and sold approximately 18.5 million SYND tokens (equivalent to about $330,000) and around $50,000 worth of user tokens. The incident only affected a specific chain, and other chains were not impacted.

Syndicate Labs stated that the attack involved multi-stage reconnaissance, infrastructure mapping, and careful execution, demonstrating high technical complexity and ruling out insider involvement. The fundamental reason was the storage of the private key in a password management tool without an additional encryption layer. Moreover, the upgrade process did not employ a multi-signature or hardware signature mechanism, nor did it have specific alerts and circuit breakers for contract upgrades.

Syndicate Labs has announced that they will fully compensate all affected users, including returning the 18.5 million SYND tokens and providing additional compensation. They will also offer full compensation to customers of the affected application chain. The company has initiated security upgrades, including enhancing private key encryption, tightening access controls, and planning to introduce hardware or multi-signature mechanisms, as well as upgrade path monitoring, to prevent similar incidents from happening again.