Bifrost has released its technical investigation into the abnormal movement of BNC on July 6th.
They have determined that while their on-chain code has been rigorously audited and battle-tested, the security of their off-chain script code was overlooked.
The multi-signature script private key was stored in plain text in a configuration file on the hacked script server.
The automated fee replenishment script had a 100 BNC limit but no limit on call frequency, so the limit was easily circumvented with batch calls.
The 3/5 multi-signature for the script was useless because it was not verified during automated multi-signature operations.
Bifrost is taking various steps to prevent future incidents, including comprehensively reviewing its off-chain code and moving its scripts on-chain where possible.
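
The fee replenishment finding above (a 100 BNC limit with no limit on call frequency) is shown here as a per-call check beside one that also enforces a rolling-window budget. This is an added example, not Bifrost's code; it assumes the 100 BNC limit applies per call, and the class name, window length, call count and window total are hypothetical values.

```python
from collections import deque

PER_CALL_LIMIT = 100  # BNC; assumed to be a per-call cap


def weak_approve(amount):
    """Per-call cap only: every request is judged in isolation."""
    return 0 < amount <= PER_CALL_LIMIT


class ReplenishGuard:
    """Per-call cap plus a rolling-window budget and call count (assumed values)."""

    def __init__(self, window_s=3600, max_calls=5, max_total=300):
        self.window_s = window_s
        self.max_calls = max_calls
        self.max_total = max_total
        self._history = deque()  # (timestamp, amount) of approved calls

    def approve(self, amount, now):
        if not 0 < amount <= PER_CALL_LIMIT:
            return False
        # Drop approvals that have aged out of the window.
        while self._history and now - self._history[0][0] >= self.window_s:
            self._history.popleft()
        spent = sum(a for _, a in self._history)
        if len(self._history) >= self.max_calls or spent + amount > self.max_total:
            return False
        self._history.append((now, amount))
        return True

    def approve_batch(self, amounts, now):
        """A batch is all-or-nothing and counts against the same budget."""
        snapshot = deque(self._history)
        if all(self.approve(a, now) for a in amounts):
            return True
        self._history = snapshot  # roll back partial approvals
        return False


def demo():
    batch = [100] * 50  # constructed sample: 50 calls, each within the cap
    weak_total = sum(a for a in batch if weak_approve(a))
    guard = ReplenishGuard()
    hardened_total = sum(a for a in batch if guard.approve(a, now=0))
    return weak_total, hardened_total
```

With the constructed batch, the per-call check approves all 5000 BNC while the windowed guard stops at 300 BNC.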