BSC hack: what do we know so far?
The BNB Smart Chain network suffered a series of attacks through a cross-chain bridge exploit. Preliminarily, the damage amounted to hundreds of millions of dollars, not counting the inevitable reputational costs.
The hacker stole 2 million $BNB tokens worth $566 million using the Binance Bridge exploit. Due to the smart contract vulnerability, he was able to “convince” the bridge to allow double spending.
It is known that he used a vulnerability in a specific block (110217401), where validators, for some reason, did not “see” the inappropriate block height and proof size parameters.
Early investigations indicate that the hacker found a flaw in a special precompiled contract used to verify IAVL trees. The bug allowed attackers to forge arbitrary messages during proof checking at the Binance Bridge layer. Fortunately, only two messages were forged, but the damage could have been much greater.
The head of Binance said that a prompt decision was made to suspend the network, and that users' assets were not at risk of theft. The hacker left a “digital footprint”, so some of the funds were blocked at once.
The developers quickly updated the code and announced a community vote on whether to freeze the withdrawn funds, whether to use the automatic burning mechanism to cover losses, and whether to launch special bounty programs for “white hat” hackers.