Binance, one of the largest cryptocurrency exchanges in the world, has been the target of a hack. The hacker stole more than 500 million dollars thanks to a loophole. Binance managed to avoid the worst by taking strong measures. We take stock of this major hack.
On the night of October 6 to 7, 2022, a hacker attacked the Binance Smart Chain (BSC), a blockchain made available by Binance, the world’s largest cryptocurrency exchange. The company confirmed that an attack was in progress during the night, around midnight. After identifying “irregular activity” on the blockchain, Binance temporarily suspended the network. On Twitter, the platform explained that a vulnerability was potentially exploited by a malicious actor.
At the end of the attack, an unidentified hacker had seized $560 million in cryptocurrencies. The hacker collected two million BNB tokens, Binance’s cryptocurrency, through two transactions. Part of the stolen funds was quickly transferred to other blockchains. To evade the Binance teams, the attacker converted the BNB into other crypto-assets, such as Ether.
Another flaw in a cryptocurrency bridge
Apparently, the hacker behind the attack relied on a security flaw within BSC Token Hub, a bridge that connects two blockchains from Binance, the BNB Beacon Chain and the BNB Smart Chain. Changpeng Zhao, CEO and founder of Binance, confirmed the hacker’s modus operandi in a post on his Twitter account. He specified that users’ cryptocurrencies were safe while the blockchain was paused.
An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.
— CZ 🔶 Binance (@cz_binance) October 6, 2022
A bridge between two blockchains allows investors to exchange cryptocurrencies from one network to another. During the operation, the funds are locked in a smart contract, an automated program, and duplicated on the destination blockchain. The locked tokens are not accessible to the user.
Five hours ago, an attacker stole 2 million BNB (~$566M USD) from the Binance Bridge. During that time, I’ve been working closely with multiple parties to triage and resolve this issue. Here’s how it all went down. pic.twitter.com/E0885Dc3lW
— samczsun (@samczsun) October 6, 2022
According to Sam Sun, one of the researchers at Paradigm, an investment firm specializing in digital assets, the hacker convinced the bridge to give him one million BNB tokens twice. The expert has published a long, detailed investigation into the hacker’s methods on Twitter.
To fool the bridge, the attacker allegedly tampered with the proof, the evidence that drives a smart contract to trigger the issuance of tokens on a blockchain. In short, “there was a flaw in the way Binance’s bridge verified evidence”, explains Sam Sun.
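The lock-and-mint flow and the proof check described above, as an added example that is not code from Binance or from the original article. It uses a plain SHA-256 Merkle tree as a stand-in, not the proof format BSC Token Hub uses; the event fields, `DestinationBridge` and all sample values are constructed for illustration.

```python
import hashlib

def leaf(ev):
    # 0x00 prefix keeps leaf hashes distinct from inner-node hashes (0x01).
    return hashlib.sha256(b"\x00" + f"{ev['id']}|{ev['to']}|{ev['amount']}".encode()).digest()

def node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build(leaves):  # leaf count must be a power of two
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels  # root is levels[-1][0]

def prove(levels, index):
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        proof.append((level[sib], sib < index))  # (hash, sibling_is_left)
        index //= 2
    return proof

def verify(root, ev, proof):
    acc = leaf(ev)
    for sib, sib_is_left in proof:
        acc = node(sib, acc) if sib_is_left else node(acc, sib)
    return acc == root

class DestinationBridge:
    def __init__(self, trusted_root):
        self.root, self.seen, self.balances = trusted_root, set(), {}
    def mint(self, ev, proof):
        # Mint only for a lock event the proof binds to the trusted root, once.
        if ev["id"] in self.seen or not verify(self.root, ev, proof):
            return False
        self.seen.add(ev["id"])
        self.balances[ev["to"]] = self.balances.get(ev["to"], 0) + ev["amount"]
        return True

def demo():
    locks = [{"id": i, "to": f"user{i}", "amount": 10 * (i + 1)} for i in range(4)]  # constructed
    levels = build([leaf(e) for e in locks])
    bridge, proof = DestinationBridge(levels[-1][0]), prove(levels, 2)
    first = bridge.mint(locks[2], proof)                                  # genuine lock
    forged = bridge.mint(dict(locks[2], id=99, amount=1_000_000), proof)  # altered event
    replay = bridge.mint(locks[2], proof)                                 # same lock again
    return first, forged, replay, bridge.balances
```

The destination side is only as safe as `verify`: every field that influences the minted amount has to be covered by the hash chain up to the trusted root, and each lock event must be spendable once.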
Note that the hack once again relies on the fragility of a cryptocurrency bridge. Most of the hacks in recent months have indeed involved bridges between blockchains. Let us mention in particular the hack of Skyline Bridge in June, which resulted in the disappearance of 98 million dollars, that of the Nomad bridge, or that of Poly Network in 2021.
Industry experts, including companies like Chainalysis or Elliptic, agree that bridges are the weak point of the crypto ecosystem. This is why they are in the crosshairs of cybercriminals.
How Binance avoided the worst
Fortunately, the hacker kept 80% of the stolen assets directly on the Binance Smart Chain. Binance was therefore able to freeze a large part ($430 million) of the funds before the hacker disappeared with the loot. For its part, Tether, the firm that issues the USDT stablecoin, has blacklisted the hacker’s address.
The exchange estimates that the hacker managed to extract “only” 100-110 million dollars outside the BSC. However, it will still be a while before Binance takes stock of the matter. To freeze stolen assets and shut down the blockchain, Binance got in touch with validators, the individuals who secure BSC transactions. The firm obtained the agreement of the community and the network was stopped.
“Decentralized chains are not designed to be shut down, but by reaching out to community validators one by one, we were able to prevent the incident from spreading. It was not so easy because the BNB Smart Chain currently has 26 active validators and 44 in total in different time zones. It delayed the suspension, but we were able to minimize the loss”, explains Binance in a blog post.
Changes to come on the BSC
Once the origin of the vulnerability was identified, Binance relaunched the Binance Smart Chain this Friday, October 7, 2022 around 9 a.m. Binance teams have deployed an update to the blockchain to fix the flaw and prevent further thefts.
Binance has also announced changes to the BSC blockchain. To implement these changes, the platform must request the community’s agreement. Indeed, the decentralized infrastructure does not allow Binance to impose changes unilaterally.
Among the issues that will be discussed during “governance votes” is the possibility of freezing hacked funds indefinitely. Binance also proposes launching two bounty programs. These programs aim to reward hackers who discover a flaw or prevent a malicious actor from launching an attack.
Unsurprisingly, the hack sent the price of BNB, the digital currency of Binance, plummeting. Shortly after the attack, BNB fell to around $280. Before the announcement, the token was still trading above $290. Despite this setback, BNB remains the fifth most valuable cryptocurrency in the market.