
Binance Hack: Are Users Affected?

 


Binance announced the suspension of deposits and withdrawals on its BNB chain on October 6th. Hackers had stolen over 100 million US dollars in an exploit attack. Worse could only be prevented by immediate and drastic measures.


The next day, Changpeng Zhao, the Binance CEO known as CZ, announced that “the problem is contained”. He also explained the vulnerability in the system that paved the way for attackers to delve deep into the Binance Smart Chain (BSC) protocol.


But let's start at the beginning and work through the events step by step, and then briefly discuss the core problem of the exploit attack.


A vulnerability offered the Binance hackers a target

The cross-chain bridge “BSC Token Hub” was the weak point used for the exploit. Cross-chain bridge attacks are not uncommon in the crypto space. A vulnerability in the Binance system allowed intruders access, in this case through the so-called “bridge” between the BNB Beacon Chain (BEP2) and the BNB Chain (BSC). A Reddit article, which CZ recommends in a Twitter post for more details, describes this. Additional BNB coins were created and transferred with the aim of obfuscation. Before Binance noticed the attack and contained the systems, approximately 110 million US dollars had been stolen.



The BNB Chain reacted by blacklisting the hackers' addresses and stopping communication between the affected chains. In addition, all node operators were called upon to upgrade to the current version in order to stop the hackers.



Barely an hour and a half after the call, BNB Chain gave the all-clear via Twitter and confirmed that BNB Smart Chain had resumed its activities.


This is how the “Binance hackers” covered the money’s tracks

Before the Twitter statement was made public, the Twitter user “Green Jeff”, for example, had noticed conspicuous transactions from the “BSC: Token Hub”. Behind the pseudonym “Green Jeff” is the strategy manager of the decentralized finance (DeFi) platform “Vesper Finance”. According to him, the attacker claimed a reward of one million BNB via the token hub.


These were forwarded to the Venus Protocol, a decentralized finance (DeFi) protocol that runs on the BNB chain and offers high interest rates on deposited stablecoins.



The attackers then borrowed $150 million worth of stablecoins, spread across USD Coin (USDC), Tether (USDT), and Binance USD (BUSD), and used cross-chain bridges to trade the tokens for Ether (ETH), Phantom Protocol (PHM) tokens and Polygon (MATIC) before the BNB chain was paused.



According to on-chain analyses, the hackers placed another million BNB with the cross-chain bridge provider “Stargate”. The DeFi protocols were meant to cover the money's tracks. Ultimately, Zane Huffman arrived at the haul of approximately $100 million that CZ confirmed. Before Binance took action, the size of the exploit was $600 million.



Vitalik Buterin also has security concerns about “Bridges”

Vitalik Buterin has often been critical in the past of bridges' susceptibility to malicious attacks.


"Bridges' fundamental security limits are actually a key reason why I'm pessimistic about cross-chain applications," Buterin said in a Reddit article.


All in all, Binance got off lightly with the loss of $100 million. It could have been worse, according to Paradigm research analyst @samczsun. What remains is the stale aftertaste of another attack on one of the largest crypto exchanges in the world. Still, crypto is here to stay.



One question remains: is Binance Chain really decentralized?

After the active intervention of those responsible at Binance, the question of decentralization arises. Can addresses be blacklisted in a decentralized system? Should blockchain application activities be suspended so quickly? We will monitor whether these debates are sparked and how the case progresses.


The fact is: Binance is very concerned about the security of its users. Binance recently introduced AvengerDAO, which is designed to protect users of the BNB chain from attacks.
