BNB
by BSC News
October 7, 2022
BNB Chain resumed operations and apologized to the community while promising changes to prevent future hacks, following the bridge exploit.
BNB Chain has given an official account of the events of Thursday’s massive $580 million-plus hack after resuming operations Friday, apologizing to the community and promising to implement changes to prevent such attacks in the future.
“The exploit was through a sophisticated forging of the low level proof into one common library,” wrote the company in the response.
Translated into English, this means that the hacker(s) forged messages that convinced the bridge to send them BNB. BNB Chain’s note also included a number of actions the company will take next, including:
To recap, the hacker(s) exploited the BSC Token Hub cross-chain bridge – the bridge between the BNB Beacon Chain/BEP2 and BNBChain/BEP20 chains – essentially minting 2 million new BNB (value of about $580 million) that they sent to themselves in two separate transfers.
Security firms and researchers have posted several analyses of the attack on Twitter starting Thursday not long after the attack, with details continuing to be filled in as the community dissects on-chain events and analyzes the exploiter’s moves.
Security firm Ancilia, Inc. was among the first parties to notice the hack, which they were listed as having reported on BscScan shortly after the attack began.
Anonymous Twitter user and blockchain researcher “samczsun” was among the first to detail the event, which they chronicled shortly after the hack unfolded.
The first step in the attack seems to have been when the person(s) now known as the “BNB bridge exploiter” registered as a relayer for the BSC Token Hub bridge so they could position themselves for the exploit, explained samczun on Twitter shortly after the hack, along with their detailed analysis.
“In summary, there was a bug in the way that the Binance Bridge verified proofs which could have allowed attackers to forge arbitrary messages,” wrote samczsun. “Fortunately, the attacker here only forged two messages, but the damage could have been far worse.”
Once the hacker had the money, they began moving it off-chain in what some researchers have called sloppily executed and strangely slow. They managed to move about $90 million-$110 million off, according to different accounts, using it to buy stablecoins such as USDT and USDC via Venus Protocol and borrow ETH on Fantom, among other moves. Partway into the hacker’s attempt to move the funds, Tether froze about $10 million worth of USDT the hacker had acquired with the BNB.
Security firm PeckShield Inc. has analyzed the event and determined that closer to $90 million was moved off-chain, including about 58% to Ethereum, 33% to Fantom, and 4.5% to Arbitrum. How much the hacker has successfully made away with is still unclear, but BNB Chain noted in their response that a full and transparent “postmortem” is in progress and results will be made publicly available in hopes of helping other projects address vulnerabilities in their own bridges.
Latest News
April 26, 2024
2024년 맥스벳 원화 배팅 가능한 최고의 사이트 TOP2
April 26, 2024
Terraform Labs to Restrict Access for US Users Amid SEC Legal Battle
April 26, 2024
Can Chinese Investors Buy Hong Kong's New BTC and ETH ETFs?
April 26, 2024
World's largest Asset Custodian Bank, BNY Mellon Holds Bitcoin ETFs: Report
April 26, 2024
SEC Files $5.6M Lawsuit Against Geosyn Bitcoin Miner For Fraud
April 25, 2024
Nigeria Appoints Pro-Crypto Leader to Head SEC
April 25, 2024
BNB Chain Shows Strong Growth in Q1, 2024 Report: Key Details
April 25, 2024
Ethereum Spot ETFs Is Likely to Face SEC Denial in May: Reports
More News