A $100 million blockchain bridge hack affected Binance
Introduction
In the world of cryptocurrency, a significant event occurred when the largest crypto exchange faced a major setback on its network. Hackers managed to create 2 million BNB, Binance’s native token, seemingly out of nowhere.
This is another problem that cryptocurrency has had to deal with this year. Since the start of 2022, many of the most valuable coins have lost over 70% of their value.
The Binance Chain, the second-largest smart contract platform, and home to numerous protocols, fell victim to the blockchain bridge hack. The attackers made away with two million BNB, valued at around $556 million during the incident. However, the network’s validators intervened swiftly, stopping the flow of funds and preventing access to approximately $430 million of the stolen assets.
You must still be wondering what this hack is all about. Let’s find out.
What actually happened with the BNB hack?
Following the hack on October 6, 2022, the price of BNB dipped slightly on Friday. However, the situation was quickly contained, and the entire blockchain didn’t collapse thanks to the swift actions of validators. Contrary to initial reports, BNB holders didn’t collectively lose $570 million. Binance asked all validators to temporarily suspend BSC. The issue was contained immediately, and users’ funds were safe.
As of October 9, the price of BNB stood at $278.14, marking a 46.34% decrease for 2022. Initially, the hackers attempted to withdraw the entire $570 million from Binance. However, the company temporarily halted the vulnerable network to address the issue, preventing the cybercriminals from accessing the majority of the funds.
In reality, the hackers only managed to steal about $110 million, and an additional $7 million was frozen with the help of security partners. Data from DeBank, a portfolio tracker, indicates that the hackers gained access to around $110 million worth of various cryptocurrencies across different networks, including Ethereum, Avalanche, Fantom, and L2s Arbitrum and Optimism.
Despite the hack, it’s important to note that the broader cryptocurrency market experienced a downturn due to economic factors. This demonstrates that crypto prices can be influenced by external events, contrary to some earlier beliefs about their independence from traditional financial systems.
How did the blockchain bridge hack happen?
The BSC Beacon Bridge, a crucial component of the Binance Smart Chain, relies heavily on Cosmos software, specifically a core code repository utilizing a Merkle tree proof called IAVL. This code, responsible for creating a customized binary Merkle tree, contained a critical bug that led to the blockchain bridge hack.
The hackers tricked the system into believing they were entitled to the money by taking advantage of a weakness in the proof verifier of the bridge. Essentially, they tricked the bridge into transferring the tokens to them. The exploit involved attackers minting an infinite amount of aBNBc tokens using the token’s smart contract. These tokens, which can be used to earn rewards on Ankr, are the staked version of Binance’s BNB token.
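To show what a bridge's proof verifier is meant to guarantee, here is an added example (not Binance's or the IAVL library's code) of a strict inclusion-proof check over a simplified binary Merkle tree. The claim format, function names and sample data are assumptions made for illustration; the verifier accepts a withdrawal claim only when every field of the proof is hashed into the trusted root.

```python
import hashlib
import hmac

# Constructed sample data: withdrawal claims committed by a source chain.
CLAIMS = [b"seq=1|to=addr_a|amount=10", b"seq=2|to=addr_b|amount=25",
          b"seq=3|to=addr_c|amount=7", b"seq=4|to=addr_d|amount=40"]

def leaf_hash(claim):
    # 0x00 / 0x01 prefixes keep leaf and inner-node hashes in separate domains.
    return hashlib.sha256(b"\x00" + claim).digest()

def inner_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(claims):
    """Hash claims into tree levels; the last level holds only the root."""
    levels = [[leaf_hash(c) for c in claims]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # Pair neighbours; an unpaired last node is promoted unchanged.
        levels.append([inner_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def make_proof(levels, index):
    """Collect the sibling hash at each level, tagged with the side it sits on."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append({"left" if sibling < index else "right": level[sibling]})
        index //= 2
    return proof

def verify(root, claim, proof):
    """Accept the claim only if every proof field is hashed into the trusted root."""
    node = leaf_hash(claim)
    for step in proof:
        # Strict shape: exactly one sibling per step, and it must be a 32-byte hash.
        if not isinstance(step, dict) or len(step) != 1:
            return False
        (side, sibling), = step.items()
        if side not in ("left", "right") or not isinstance(sibling, bytes) or len(sibling) != 32:
            return False
        node = inner_hash(sibling, node) if side == "left" else inner_hash(node, sibling)
    return hmac.compare_digest(node, root)

LEVELS = build_levels(CLAIMS)  # tree over the constructed claims
ROOT = LEVELS[-1][0]           # the value the destination chain trusts
```

A proof step that carries any field the verifier does not hash is rejected outright, so nothing in an accepted proof is left unbound to the root.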
Rather than directly sending the freshly-minted BNB into their wallets, the hackers deposited BNBs to the lending platform Venus Protocol. From there, they swiftly transferred the stolen funds to other chains, including Fantom, Avalanche, and Arbitrum, before Binance suspended the network.
The suspension prevented further damage and protected the network and ecosystem from collapse, as the bridge held billions of dollars. Various cybersecurity firms and researchers confirmed the exploit and highlighted the intricate steps the hackers took to move the stolen funds across different chains.
How did Binance react to the blockchain bridge hack?
In response to the blockchain bridge hack, Binance took swift action and outlined several measures to address the situation and prevent future attacks. Firstly, they planned to hold on-chain governance votes to decide on key actions:
1. Offer a 10% bounty to anyone who finds the hackers and returns the funds.
2. Establish a bug bounty program, awarding $1 million to those who report serious bugs.
3. Consider freezing the hacked funds to prevent further misuse.
4. Utilize the BNB auto-burn mechanism to restore the remaining hacked funds.
Cross-chain bridges have become prime targets for high-value hacks due to the large amounts of cryptocurrency they hold. Binance acknowledged the exploit and apologized to the community, emphasizing their ownership of the situation.
Despite the decentralized nature of chains, Binance’s team swiftly contacted community validators to contain the incident and minimize losses. The delay in closure was attributed to coordinating with the numerous validators across different time zones.
Binance provided insights into the incident, explaining that the exploit targeted the native cross-chain bridge between BNB Beacon Chain and BNB Smart Chain, known as the ‘BSC Token Hub.’ The hackers withdrew 2 million BNB through a sophisticated manipulation of the proof system.
To bolster security, Binance announced the introduction of a new on-chain governance mechanism on the BNB Chain and pledged to share postmortem details and lessons learned to enhance security measures.
Additionally, Binance expressed gratitude to the community for their swift response and support during the incident. They vowed to add more community validators to further decentralize the network and prevent future attacks.
Conclusion
Even though Binance’s response to the BNB Chain attack fixed some of the damage, it shows that people in the crypto community are still worried about decentralization.
Unfortunately, cross-chain bridge attacks happen frequently in the cryptocurrency world. These bridges make it easier to traverse between networks, but hackers looking to take advantage of weaknesses have found them to be attractive targets as well.
Investing in digital assets comes with risks, especially in an unregulated area where hackers can easily get in. The market’s volatility and unpredictability are further highlighted by the recent decline in cryptocurrency values. To protect themselves from the prospect of suffering big losses, investors must do extensive research before allocating their money to potentially risky investments.