The first details of the BNB Smart Chain hack – Last night, the Binance ecosystem was rocked by a major hack. In total, more than 500 million dollars were stolen from the BNB Smart Chain. A few hours after the fact, the first details concerning this major heist are available.
Binance’s BNB Smart Chain victim of a major hack
It was a long night for the Binance teams. Indeed, around 00:20 French time, BNB Smart Chain announces several blockchain irregularities. This is immediately paused to try to minimize the impact and stop the bleeding.
Following this announcement, the first estimates fall. Initially estimated around one million BNB, the losses quickly turn out to be colossal. So far, almost no information on the hack had filtered.
A little over an hour after the first announcement, the CEO of Binance, Changpeng Zhao reveals on Twitter that the BSC Token Hub inter-chain bridge was the target of an attack. This takes the opportunity to try to reassure users by announcing that the funds are safe.
Hack Binance Bridge: 500 million dollars mined
Obviously, crypto-investigators from all over the world began to investigate the case in search of answers. Among them, @Samczsun fed a thread throughout the night, compiling all of his findings.
At first glance, he speculated that the hack had targeted the Venus Finance platform, after identifying a $200 million deposit. However, he quickly realized that the funds in question came from an attack of a completely different scale.
Indeed, the attacker managed to get twice 1 million BNB tokens from the Binance Bridge.
Faced with this observation, our crypto-investigator continued his research to try to detect the source of the problem.
>> Register quickly on Bitget and make a first trade to get $20 bonus in USDT (commercial link) <<
Procedure of the hack on the BNB Smart Chain
To conduct his research, Samczsun first analyzed the hacker’s transactions with other legitimate transactions looking for clues. Quickly, he identifies two irregularities:
- The variable-height used in the hacker’s transactions was the same each time, and much lower than that used in legitimate withdrawals;
- The evidence as for it was significantly shorter than those used in classic withdrawals.
These elements led him to believe that the attacker had found a way to generate fake evidence and thus fool the BNB Bridge.
“These two facts led me to believe that the attacker had found a way to tamper with proof for this specific block – 110217401. Now I had to figure out how these proofs worked. »
Thus, the Binance Bridge integrates a precompiled contract that allows verification of IAVL trees. Without going into detail, to verify the IAVL trees the Binance Bridge needs two valid operations. An operation “iavl:v” and udo “mutistore” operation “.
“In order to forge a proof, we need both operations to succeed, and we need the last operation (the multistore) to return a fixed value (the hash of the specified block: 110217401). »
After various attempts, Samczsun was able to generate fraudulent evidence by modifying the IAVL treeto his advantage.
Therefore, it was possible to generate fake evidence by starting from legitimate evidence and modifying it.
“In summary, there was a bug in the way the Binance Bridge checked evidence, which could have allowed attackers to tamper with arbitrary messages. Fortunately, the attacker only tampered with two messages, but the damage could have been much worse. »
Back to normal
For their part, the BNB Smart Chain teams have published a patch to mitigate the flaw. In particular, this made it possible to prevent the attacker’s accounts from acting.
In addition, the teams in agreement with the validators have decided to implement a new governance mechanism on chain in order to be able to defend themselves in such cases.
Finally, the BNB Smart Chain could have been restarted around 9 a.m. French time.
Binance should continue communications in the coming days and offer a post mortem detailing the events.
This hack is of a scale rarely encountered. Indeed, this turns out to be the 3rd most important hackof the ecosystem Challenge . It positions itself behind the hacks of Ronin Network and PolyChain which resulted in the loss of $624 million and $611 million respectively. Bridges are a weakness of the crypto ecosystem, highlighted by Vitalik Buterin himself at the start of 2022.
Because all is not so black, do you want some good news? $20 in USDT awaits you on Bitget! To get this bonus, register quickly on the platformand make a trade. Limited-time offer, reserved for the first 1000 subscribers (commercial link, see conditions on the official website).