2 million BNB were stolen, Binance cross-chain bridge attack analysis

BTC0.0₂₀

ETH0.0₂₀

HTX0.0₂₀

SOL0.0₂₀

BNB0.0₂₀

BTC0.0₂₀

ETH0.0₂₀

HTX0.0₂₀

SOL0.0₂₀

BNB0.0₂₀

2 million BNB were stolen, Binance cross-chain bridge attack analysis

Tokenview

2022-10-12 03:29

本文约1233字，阅读全文需要约5分钟

2 million BNBs were stolen, and the Binance cross-chain bridge attack process analysis.

secondary title

Attack Incident Review

Attack Incident Review

The BNB chain hack layout can be traced back to October 6th

In this case, the hacker used the ChangeNOW service to transfer the initial attack funds (more than 100 BNB) to the wallet address 0x489...79BEc as early as October 6, Beijing time, and then the hacker called the system RelayerHub contract at block height 21955968 0x1006 paid 100BNB to register as a Relayer, and then launched an attack on the system CrossChain contract 0x2000.

At 2:26 and 4:43 on October 7th, Beijing time, hackers launched attacks on the BSC cross-chain bridge, exploiting the loopholes in the Binance cross-chain bridge BSC Token Hub, obtained a total of 2 million BNB in the two attacks, and transferred them to the wallet 0x489...79BEc.

Then, starting at 2:30 on October 7, Beijing time, the hacker mortgaged 900,000 BNB through Venus’ lending service, and loaned out 62.5 million BUSD, 50 million USDT, and 35 million USDC from the platform.

Since then, the attackers have begun to transfer the loaned stablecoins to networks such as ETH, Fantom, and AVAX through encrypted cross-chain platforms such as Stargate Finance.

Until around 7:00 on October 7, Beijing time, BNB Chain tweeted that due to abnormal activities, it is currently under maintenance, and all deposits and withdrawals through the BNB Chain are temporarily suspended until further updates. BNB Chain stated in another tweet that about 70 million to 80 million US dollars of funds were withdrawn, and 7 million US dollars had been frozen.

Tether sends BNB Chain attacker address

(0x489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec) and multiple encrypted assets stolen by the attacker are blacklisted. Including 4.8 million USDT transferred by hackers to Ethereum, 2 million USDT transferred to Arbitrum, and 1.7 million USDT transferred to AVAX.

According to Tokenview data, on October 8, the hacker's address transferred about 34,000 ETH (about 45 million U.S. dollars) to the wallet 0xfa0...14e9. Currently, the address still has a large amount of tokens, including 4.8 million USDT and 2.71 million USDC.

Binance Response

At 13:00 on October 7th, the BNB Chain official posted on social media that the BSC v1.1.15 version has been released, and BSC validators are coordinating to seek to restore the BNB Smart Chain (BSC) within 1 hour. The new version will block activities related to hacked accounts. Native cross-chain communication between the BNB Beacon Chain and the BNB Smart Chain has been disabled. The official request for all node operators to try to upgrade to the above version. Validators and the community will discuss further upgrades to fully address this issue.