.png){kind=logo}
- Insights
- Cryptocurrencies
- Gadgets
- Stocks
- White Papers
- Reports
- Industry
- Geography
- Insights
- Cryptocurrencies
- Gadgets
- Stocks
- White Papers
- Reports
- Industry
- Geography
The BNB Chain was temporarily paused after an exploit on its cross-chain bridge. The current impact estimate is around $100 million and $110 million equivalent of cryptocurrency. According to the latest update, the BNB Chain has resumed working as usual, but let's have a look at how the hack went down, according to a popular researcher.
Paradigm Researcher Sam Sun stated that the attacker somehow convinced the Binance Bridge to send out 1 million BNB to an address they controlled. They repeated the step twice. After comparing the attacker's transactions with legitimate withdrawals, Sun noticed that the height used by the attacker was always the same – 110217401. However, the heights used by legitimate withdrawals were much bigger, such as 270822321, the researcher pointed out.
He further noted that the attacker's proof was notably shorter than the legitimate withdrawal's proof, meaning that they had found a way to "forge a proof" for that specific block – 110217401.
Binance has a special precompile contract that is used to verify IAVL trees. When a user verifies an IAVL tree, they need to specify a list of "operations." The Binance Bridge typically expects two of them: an "iavl:v" operation, and a "multistore" operation, Sun specified. The attacker managed to exploit the bug in the Binance Bridge that verified proofs allowing attackers to forge arbitrary messages. While the attacker only forged two messages, the researcher claimed that the damage could have been far worse.
Binance CEO Changpeng Zhao confirmed the exploit after the validators were asked to temporarily suspend BSC and revealed that the issue had been contained. "Initial estimates for funds taken off BSC are between $100M – $110M. However, thanks to the community and our internal and external security partners, an estimated $7M has already been frozen. We are humbled by the speed and collaboration from the community to freeze funds."
The latest BNB Chain exploit and the subsequent steps taken by Binance may have controlled the damage, but the community faces the same dilemma surrounding decentralization once again. Bartek Kiepuszewski, MakerDAO's blockchain architect, expressed a similar sentiment in his tweet regarding the same.
Disclaimer: Analytics Insight does not provide financial advice or guidance. Also note that the cryptocurrencies mentioned/listed on the website could potentially be scams, i.e. designed to induce you to invest financial resources that may be lost forever and not be recoverable once investments are made. You are responsible for conducting your own research (DYOR) before making any investments. Read more here.
