Binance announced the suspension of deposits and withdrawals on its BNB chain on October 6th. Because an exploit attack hackers stole over 100 million US dollars. Worse events could only be prevented by immediate and drastic measures.
The next day, Changpeng Zhao, Binance CEO known as CZ, announced that “the problem is contained”. He also clarified the vulnerability in the system that paved the way for attackers to delve deep into the Binance Smart Chain (BSC) protocol .
But let's start at the beginning and work our way through the events step by step to finally briefly discuss the core problem of the exploit attack.
A vulnerability offered the Binance hackers a target
The cross-chain bridge “BSC Token Hub” served as a bottleneck for the exploit. Cross chain bridge attacks are not uncommon in cryptospace . A vulnerability in the Binance system allowed intruders access. In this case it was the so-called “bridge” between the BNB Beacon Chain (BEP2) and the BNB Chain (BSC). A Reddit article, which CZ recommends in a Twitter post for more details, describes this . Additional BNB coins were created and transferred with the aim of obfuscation. Before Binance realized the attack and contained the systems, the said approximately 110 million US dollars could be stolen.
The BNB Chain reacted accordingly and blacklisted the addresses of the hackers and stopped the communication between the affected chains. In addition, all node operators were called upon to upgrade to the current version in order to put a stop to the hackers.
Barely an hour and a half after the call, BNB Chain gave the all-clear via Twitter and confirmed that BNB Smart Chain had resumed its activities .
This is how the “Binance hackers” covered the money’s tracks
Before the Twitter statement was made public, the Twitter user “Green Jeff”, for example, noticed conspicuous transactions from the “BSC: Token Hub”. The strategy manager of the Decentralized Finance ( DeFi ) platform "Vesper Finance" hides behind the pseudonym "Green Jeff ". According to this, the attacker claimed a reward of one million BNB via the token hub.
These were forwarded to the Venus Protocol. So the loot went to a Decentralized Finance ( DeFi ) protocol that runs on the BNB chain and offers high interest rates on storing stablecoins.
The attackers then borrowed $150 million worth of stablecoins spread across USD Coin (USDC), Tether (USDT), and Binance USD (BUSD) by using cross-chain bridges to trade the tokens against Ether (ETH ), Phantom Protocol (PHM) tokens and Polygon (MATIC) before the BNB chain was paused.
According to the on-chain analyses, the hackers placed another million BNB with the cross chain bridge provider “Stargate”. DeFi protocols should cover the tracks of money . Ultimately, Zane Huffman concluded CZ's confirmed haul of approximately $100 million. Before Binance took action, the size of the exploit was $600 million.
Vitalik Buterin also has security concerns about “Bridges”
Vitalik Buterin has often been critical of Bridges' susceptibility to malicious attacks in the past .
"Bridges' fundamental security limits are actually a key reason why I'm pessimistic about cross-chain applications ," Buterin said in a Reddit article.
All in all, Binance is still well served with the loss of $100 million. It could have been worse, according to Paradigm Research Analyst @samczsun . What remains is the bland aftertaste of another attack on one of the largest crypto exchanges in the world. Still, crypto is here to stay.
One question remains: is Binance Chain really decentralized?
After the active intervention of those responsible for Binance, the question of decentralization arises. Can addresses be blacklisted in a decentralized system? Should blockchain application activities be suspended so quickly? We will monitor whether these debates are sparked and how the case progresses.
The fact is: Binance is very concerned about the security of its users. Binance recently introduced the AvngerDAO, which is designed to protect users of the BNB chain from attacks .
My Top Picks
Honeygain - Passive earner that pays in BTC or PayPal
MandalaExchange -The Best no KYC crypto Exchange!
BetFury - Play And Earn BFG for daily Bitcoin and ETH dividends!
Pipeflare - Faucet that pays in ZCash and Matic, Games pay in DAIWomplay - Mobile dApp gaming platform that rewards in EOS and Bitcoin
Cointiply - The #1 Crypto Earning Site
Torum - Join the latest Social Network and earn TRM for Free!LiteCoinPay -
The #1 FaucetPay earner for LitecoinLBRY/Odysee - YouTube Alternative that lets you earn Money by viewing videos!FaucetPay - The #1 Microwallet PlatformFREEBTC - The #1 FaucetPay earner for Satoshi'sFaucetCrypto - An earning/faucet site that pays out instantly
FireFaucet - An earning site that pays better for some than Cointiply
DogeFaucet - Dogecoin Faucet
xFaucet - BTC, ETH, LTC, Doge, Dash, Tron, DGB, BCH, BNB, ZEC, FEY - Claim every 5 minutes
Konstantinova - BTC, ETH, LTC, Doge, Dash, Tron, DGB, BNB, ZEC, USDT, FEY, 25 Claims Daily
Comments
Post a Comment