On October 6th, 2022, Binance’s BSC Token hub, a bridge between the old Binance Beacon Chain and the Binance Smart Chain (BSC) also known as BNB Chain, was exploited by an attacker resulting in the unauthorized transfer of 2M BNB (~$586M). Vulnerability root cause analysis confirmed a flaw in the IAVL verification implementation developed by Cosmos, and incorporated by BSC into their contract’s proof verification process. The same vulnerability affected other projects implementing the flawed IAVL library which resulted in an emergency patch from Cosmos. The attacker swapped stolen assets using Venus Finance and bridged through Stargate Finance and Anyswap to Ethereum, Avalanche, Polygon, Fantom, and Optimism networks. The attacker was careful to swap any assets that implement blocklisting (e.g. USDC, USDT) before consolidating the majority of them on the Ethereum blockchain. However, a large sum of funds remain on various L2 and L1 chains in three distinct addresses.

Following the discovery of the compromise, BNB Chain halted operations for approximately 8 hours by requesting all validators temporarily suspend BSC in order to investigate the reported activity. Upon identifying the root cause, BNB Chain released an updated version of BSC which hard forked the blockchain, patched the vulnerability, and made node upgrade a requirement. As a result of the BNB Chain halt and assistance from asset issuers, a portion of the funds were frozen and transfers were prevented, limiting attacker funds taken off of BSC to an estimated $110M.