The recent cross-chain bridge exploit on the BNB Chain, which resulted in a temporary suspension, has shocked the whole crypto industry. The estimated impact is between $100 million and $110 million in cryptocurrencies.
The BNB Chain is reportedly back to normal operation as of the most recent update, but TheCoinRise will report how the breach actually occurred, as detailed by a well-known researcher.
According to Sam Sun of Paradigm Research, the attacker persuaded the Binance Bridge to send 1 million BNB to an address they controlled. They repeated it twice. Comparing their transactions with valid withdrawals shows that they consistently used the same height, 110217401. Sun noted that legitimate withdrawals used far bigger heights, such as 270822321.
He said the attacker's proof was also noticeably shorter than a normal withdrawal's, which indicated that the attacker had discovered a way to “forge a proof” for that particular block, 110217401.
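The two anomalies Sun describes (a proof height far below current withdrawals and reused across transactions, and an unusually short proof) can be turned into a simple monitoring check. The following is an added example, not code from the article, from Sun, or from BNB Chain; the record layout, the thresholds, the proof lengths and every height except the two quoted above are constructed assumptions.

```python
from collections import Counter
from statistics import median

# Constructed sample records: (label, proof height, proof length in bytes).
# Only heights 110217401 and 270822321 come from the article; everything
# else here is made up for illustration.
WITHDRAWALS = [
    ("w1", 270822300, 1420),
    ("w2", 270822310, 1398),
    ("w3", 270822321, 1411),
    ("s1", 110217401, 690),
    ("s2", 110217401, 690),
    ("w4", 270822330, 1405),
]


def flag_withdrawals(records, max_height_lag=1_000_000, min_len_ratio=0.75):
    """Return {label: [reasons]} for withdrawals that deviate from the baseline.

    max_height_lag and min_len_ratio are hypothetical thresholds; a real
    deployment would tune them against its own withdrawal history.
    """
    heights = [h for _, h, _ in records]
    lengths = [n for _, _, n in records]
    ref_height = median(heights)  # median resists a few outliers
    ref_len = median(lengths)
    reuse = Counter(heights)

    flagged = {}
    for label, height, length in records:
        reasons = []
        # Proof refers to a block far older than what peers are using.
        if ref_height - height > max_height_lag:
            reasons.append("stale_height")
        # Same height seen in more than one withdrawal (heuristic only:
        # legitimate withdrawals can share a block).
        if reuse[height] > 1:
            reasons.append("reused_height")
        # Proof is much shorter than the typical proof.
        if length < min_len_ratio * ref_len:
            reasons.append("short_proof")
        if reasons:
            flagged[label] = reasons
    return flagged


if __name__ == "__main__":
    for label, reasons in flag_withdrawals(WITHDRAWALS).items():
        print(label, ", ".join(reasons))
```

None of these signals proves forgery on its own; they are triage indicators that mark a withdrawal for review before funds move.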
Five hours ago, an attacker stole 2 million BNB (~$566M USD) from the Binance Bridge. During that time, I've been working closely with multiple parties to triage and resolve this issue. Here's how it all went down.
— samczsun (@samczsun) October 6, 2022
Binance uses a special precompiled contract to verify IAVL trees. To verify an IAVL tree, a user must specify a set of “operations”. According to Sun, the Binance Bridge usually expects two of them: an “iavl:v” operation and a “multistore” operation. The attacker exploited a vulnerability in the way the Binance Bridge validates proofs, one that allowed attackers to spoof any message.
The researcher asserted that even though the attacker sent only two messages, the harm could have been far worse.
After asking the validators to temporarily suspend BSC, Binance CEO Changpeng Zhao, who is currently pursuing a massive expansion of the exchange’s operations, confirmed the vulnerability that caused the BNB Chain hack and said the problem had been fixed.
“Initial estimates for funds taken off BSC are between $100M – $110M. However, thanks to the community and our internal and external security partners, an estimated $7M has already been frozen. We are humbled by the speed and collaboration from the community to freeze funds.”
The BNB Chain, nonetheless, has resumed normal operations after a suspension caused by the serious security vulnerability.