BNB Chain, which is linked to Binance, is alleged to have been the target of a $570 million attack. The aforementioned amount was taken by the hackers via a blockchain “bridge” built within the BNB Chain.
News in a Glimpse:
- After $570 million worth of BNB tokens were allegedly stolen by the suspected hackers, Binance’s blockchain network was briefly shut down.
- The cryptocurrency trading website, however, said that hackers particularly targeted the cross-chain bridge connecting with its BNB Chain.
- The cryptocurrency trade platform and the network validators began collaborating.
- The validators were urged to temporarily stop BSC by Binance CEO, but it was later restarted when the problem was resolved.
A $570 million attack is said to have affected BNB Chain, formerly known as Binance Smart Chain and connected to one of the biggest cryptocurrency exchanges in the world — Binance. The CEO of Binance, Changpeng Zhao, stated in a tweet that the hackers were able to steal the aforementioned sum via a blockchain “bridge” included in the BNB Chain.
As a result, the operations were suspended shortly after the BNB Smart Chain’s validators were able to quickly develop a software upgrade that was designed to close the exploit that hackers were using to siphon money off-chain. After that, operations were restarted.
Cross-Chain Bridge Exploitation
Binance’s blockchain network was briefly shut down after the suspected hackers allegedly stole BNB tokens valued at $570 million. Whereas the cryptocurrency trading site said that the cross-chain bridge connecting with its BNB Chain was specifically targeted by hackers.
According to reports, these cross-chain bridges are the means through which tokens may be moved between blockchains, which allowed the hackers to remove BNB tokens from the network.
Sam Sun, a Paradigm Researcher, claims that the hackers were successful in getting the Binance Bridge to send money—reportedly 1 million BNB—to an account they controlled. It was claimed that this technique was repeated twice.
When Sun compared the valid withdrawals to the hacker’s transactions, he discovered that the hacker had used the same height, 110217401, and that the legitimate withdrawals’ heights were far higher.
The Binance Bridge normally requires two operations: a “iavl:v” operation and a “multistore” action. Binance has a particular precompile contract for checking IAVL trees, which means that when a user validates an IAVL tree they will need to specify a list of “operations.”
The article claims that the hackers were able to fabricate any message by taking advantage of a weakness in the Binance Bridge that verified proofs. The researcher from Paradigm asserted that although the hackers were only able to fabricate two mails, things could have been far worse.
The cryptocurrency exchange platform started working with the network validators, which are the people or organizations that verify transactions in the blockchain, right away. Due to the developers’ ongoing investigation into the vulnerability, these enabled Binance to delay the generation of new blocks on the BSC.
The hack on the BSC Token Hub cross-chain bridge, according to Binance CEO Changpeng Zhao, has resulted in additional BNB. With this information in hand, they urged the validators to temporarily halt BSC.
The user’s funds were reportedly safe once they were able to contain the issue, he tweeted once again. Additionally, he gave the users the assurance that they will provide updates as needed. The BNB Chain has since resumed operations as a result.
The Hack’s Aftermath
The accused hackers were able to allegedly fabricate transactions thanks to a weakness in the bridge’s smart contract, according to Immunefi, a crypto security company.
Although there are several bridge designs, most of the funds that are going over the bridge are held in one central location, according to Adrian Hetman, tech head of the triaging team at Immunefi. He further stated that money from that deal was deceived into being given by the Bridge.
Following the alleged attack, BNB dropped in value by 3% the following morning, on October 7, to $285.36 per coin. The company calculated that between $100 million and $110 million had been removed in total, but thanks to its security partners, it was able to freeze $7 million of those money.
This event is the most recent in a series of hacking attacks against cross-chain bridges. The research claims that its shoddy engineering makes it a top target for hackers. Data provided by Chainalysis indicates that breaches on cross-chain bridges have cost over $1.4 billion since the year’s beginning.
One of the worst hacking incidents involved the theft of $615 million from the bridge supporting the well-known non fungible token game Axie Infinity — Ronin. In addition, there was the Wormhole affair, which involved a communication link between Solana and other high-ranking DeFi officials and saw the accumulation of $320 million.
In addition to these hacking occurrences, the cryptocurrency sector has been struggling in 2022. The industry is said to have already lost $2 trillion in value during the industry’s apex of the fierce rise in 2020–2021. The $60 billion blockchain project Terra’s bankruptcy made matters worse. And to top it all off, market sentiment has been negatively damaged by the deteriorating macroeconomic climate.