$600 million worth of crypto tokens stolen from Binance

Cryptocurrency exchange Binance temporarily halted its blockchain network on Thursday in response to a cyberattack that led to the theft of two million BNB tokens that could notionally be exchanged for $566 million in fiat currency.

The shutdown, which required the cooperation of 26 auditors to halt the decentralized system, took place at 2200 UTC on October 6 following an exploit of the BSC Token Hub bridge, which connects the BNB Beacon Chain and the BNB Smart Chain, allowing tokens from different blockchains to be exchanged.

“There was an exploit that compromised the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as ‘BSC Token Hub’,” said Din (Dardania) Havolli, Content Lead for BNB Chain, in a blog post. “A total of two million BNB were drained. The exploit was made through a sophisticated low-level forgery of evidence into a shared library.”

Binance, registered in the Cayman Islands, is the largest cryptocurrency exchange by volume.

Security company SlowMist says that the crypto raiders moved about $110 million from the BNB chain to other blockchains. The network suspension prevented about $430 million worth of BNB tokens from being transferred, and those tokens appear to remain trapped in the thieves’ digital wallet. The BSC Token Hub resumed operations at 0630 UTC on October 7th.

The heist is the latest in a long line of hits on blockchain bridges, systems that enable transactions via so-called smart contracts across different blockchains. There was the $191 million sack of Nomad in August. Before that there was Ronin Bridge ($600 million); Qubit Bridge ($80 million); Wormhole Bridge ($320 million); Meter.io Bridge ($4.4 million); and Poly Network Bridge ($610 million that was returned).

The Ethereum documentation on blockchain bridges warns that bridges are relatively new and carry risks. These include “the risk of an error in code that could result in the loss of user funds” and the possibility that “software bugs, buggy code, human error, spam and malicious attacks could potentially disrupt user operations”.

The documentation turns out to be correct.

“While the investigation is still in its early stages, it appears that the attacker was able to forge evidence messages, which were then accepted by the BSC Token Hub bridge,” said Ronghui Gu, CEO and co-founder of CertiK, a blockchain security firm, in a statement provided to The Register. “This error appears to be the result of the bridge not fully verifying the Merkle proof with the root hash, allowing the attacker to generate fake proofs from an earlier, legitimate one and then coin BNB directly into their wallet.”
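To illustrate the kind of check Gu describes, here is an added example (not code from the article, BNB Chain, or CertiK) of a strict Merkle inclusion-proof verifier that rejects a new payload paired with an earlier, legitimate proof path. It assumes a simplified binary SHA-256 tree rather than the bridge's actual proof format; all function names and sample messages are constructed.

```python
import hashlib
import hmac

LEAF, NODE = b"\x00", b"\x01"  # domain separation: a leaf hash never equals a node hash

def h(prefix, data):
    return hashlib.sha256(prefix + data).digest()

def build_levels(leaves):
    """All tree levels, bottom first. Demo helper: leaf count must be a power of two."""
    levels = [[h(LEAF, x) for x in leaves]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([h(NODE, cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def make_proof(levels, index):
    """Sibling hashes from leaf to root, each tagged with the side it sits on."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def verify(root, leaf, proof, depth):
    """Strict check: every step is validated and folded into the recomputed root."""
    if len(proof) != depth:                      # path length is fixed by the tree
        return False
    acc = h(LEAF, leaf)
    for step in proof:
        if not (isinstance(step, tuple) and len(step) == 2):
            return False                         # no extra fields that go unhashed
        side, sibling = step
        if side not in ("L", "R") or not isinstance(sibling, bytes) or len(sibling) != 32:
            return False
        acc = h(NODE, sibling + acc) if side == "L" else h(NODE, acc + sibling)
    return hmac.compare_digest(acc, root)        # bind the result to the trusted root

# Constructed sample messages, not real bridge packets.
MESSAGES = [b"pkg:1:alice:5", b"pkg:2:bob:7", b"pkg:3:carol:1", b"pkg:4:dave:9"]
LEVELS = build_levels(MESSAGES)
ROOT, DEPTH = LEVELS[-1][0], len(LEVELS) - 1
GOOD = make_proof(LEVELS, 1)

def demo():
    return {
        "legitimate": verify(ROOT, MESSAGES[1], GOOD, DEPTH),
        "old_path_new_payload": verify(ROOT, b"pkg:2:bob:2000000", GOOD, DEPTH),
        "extra_field": verify(ROOT, MESSAGES[1], [GOOD[0] + (b"\x00" * 32,), GOOD[1]], DEPTH),
        "truncated_path": verify(ROOT, MESSAGES[1], GOOD[:1], DEPTH),
    }
```

Only the untouched message with its own full path recomputes to the trusted root; any proof element the verifier does not hash into that result is a place where forged data could ride along unchecked.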

Paradigm researcher Sam Sun, who analyzed the attack in a Twitter thread, concluded that there was a flaw in the way the Binance Bridge verified evidence that allowed attackers to forge arbitrary messages.

Binance CEO Changpeng Zhao repeated the apology in Havolli’s post, claiming that everyone’s money is fine. “The problem is now contained,” he said via Twitter. “Your money is safe. We apologize for the inconvenience and will keep you informed accordingly.”