Nothing in Particular Blog

A Blog About Nothing In Particular


Attacker Steals $570 Million in BNB Tokens in BNB Chain Exploit

October 8, 2022 by Mars1

Binance’s token bridge between the BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC) became the latest target of a bridge exploit. The attackers made off with $570 million in BNB tokens, forcing Binance to suspend deposits and withdrawals until it had a more complete picture of what happened. Binance has said very little about it except to confirm that it paused BNB Chain.

.@BNBchain is currently under maintenance.

We will suspend all deposits and withdrawals via BNB chain temporarily until there are further updates.

We apologise for the inconvenience. Thank you for your patience!

— Binance (@binance) October 6, 2022

Most cross-chain bridges make it possible to exchange an asset on one blockchain for a “wrapped” or “staked” token on another blockchain. Users can then trade or use the wrapped/staked asset as they would the original asset.

Tokens with trading symbols like “WETH,” “stETH,” and “WBTC” are all “stand-in” assets on blockchains other than the original asset’s blockchain. WBTC, for instance, is “Wrapped Bitcoin,” an ERC-20 token on the Ethereum blockchain that can theoretically be traded 1:1 for BTC on the original Bitcoin blockchain. (Yes, they do sometimes deviate from the 1:1 target peg in trading.)

This comes with the assumption that users can swap the token back for the original asset when they’re ready. The problem, of course, is that the bridge might not have enough of the original asset to swap back if it gets exploited, as Binance’s bridge, the BSC Token Hub, was on October 6, 2022.

Binance had to reach out to 26 validators across 44 time zones to coordinate shutting down the BNB Chain. Yes, there are really that many time zones, and that meant it took time to get them all shut down. Binance says the closure helped minimize the loss despite the delays.

It also took a bit to pin down how much the attackers stole. Initial estimates placed it at $70 to $80 million, with $7 million of the stolen funds quickly frozen. Then Binance CEO Zhao Changpeng said the losses were probably closer to $100 million.

The blockchain freeze may have also kept losses in BNB’s value from getting worse. BNB dropped from $293.13 to $280.04 during the evening of October 6. It is currently trading at $281.71.

Binance says it will hold on-chain governance votes to determine the next steps, including freezing stolen funds and using “BNB Auto-Burn” to get rid of the remaining stolen funds. BNB Auto-Burns normally destroy BNB tokens, with the number of tokens destroyed based on BNB’s price and the number of blocks generated each quarter.

It will also hold a governance vote on whether to offer a “White Hat” bounty of $1 million for finding bugs and a bounty of up to 10% of the stolen funds for catching attackers.

Cross-chain bridges seem to be particularly vulnerable to exploits. Chainalysis estimates that $2 billion in assets were lost to exploits as of August 2022, with most of those funds getting stolen this year. As of August 2022, 13 bridges had been exploited.

The blockchain-based game Axie Infinity lost $625 million in an exploit of Ronin Network validators. It says it regained $5.8 million of those funds. Chainalysis jumped on the case with its ability to track blockchain-based assets.

The NFT gaming-focused @Ronin_Network announced today a loss of over $625M in USDC & ETH, making it the largest-ever DeFi exploit. We can confirm Chainalysis is tracking the funds on their behalf. https://t.co/4aE5fraZB5

— Chainalysis (@chainalysis) March 29, 2022

Axie Infinity brought in law enforcement officials, forensic cryptographers, and investors to help deal with the problem. The exploiters did move some funds to major exchanges, at least one of which promised to intercept funds sent through its exchange.

Huobi will fully support @AxieInfinity as it deals with the aftermath of the attack and theft on its Ronin chain. Any stolen crypto assets that have been discovered to have traversed our exchange and related networks will be dealt with expediently.

— Huobi (@HuobiGlobal) March 29, 2022

Why would anyone use a bridge if it’s that vulnerable? That’s a good question. Previously, there was no question that assets couldn’t move between blockchains. A bitcoin will always reside on the Bitcoin blockchain and will be lost if you try to send it to an address on another chain. (Do NOT try to send BTC to a BCH address, for instance!)

Users primarily like bridges because they offer a chance to quickly “send” assets from one blockchain to another while technically not breaking any rules. The original asset is still there; it’s just being held by the bridge until somebody swaps back.

Bridges do offer some benefits in terms of speed, scalability, and transaction fees. During times of high congestion, Bitcoin and Ethereum transaction fees can soar due to limited space in each block. Instead of paying somebody in BTC, you could whip out your Ethereum wallet and pay somebody with a “wrapped” bitcoin – a bitcoin stand-in on the Ethereum blockchain.

The same goes for Ethereum; you could use a “wrapped” Ethereum token on the Solana blockchain instead of straight-up ETH – even though the Solana blockchain does sometimes freeze. The Wormhole bridge also got hit by attackers who stole $326 million in February 2022.

After the Wormhole exploit, Step Finance founder George Harrap worried that Wormhole’s version of wrapped Ethereum could become worthless – always a possibility with one digital asset that’s pegged to another asset, especially in the wake of an exploit that loses the bridge hundreds of millions of dollars.

The wormhole network was exploited for 120k wETH.

ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.

We are working to get the network back up quickly. Thanks for your patience.

— Wormhole🌪 (@wormholecrypto) February 2, 2022

(Yes, I know, Lightning Network, but the data must still be written to the Bitcoin blockchain at some point and the Lightning Network could still use some polishing. The good part is that developers are working through some line items that will hopefully make it work better.)

Cross-chain bridges do have their uses. However, no one really knows which ones might get hit next, and some exploits may not be noticed until the damage has already been done. Ethereum co-creator Vitalik Buterin predicted in a January 2022 Tweet and Reddit post that bridges weren’t exactly secure – a likely prescient statement.

My argument for why the future will be *multi-chain*, but it will not be *cross-chain*: there are fundamental limits to the security of bridges that hop across multiple "zones of sovereignty". From https://t.co/3g1GUvuA3A: pic.twitter.com/tEYz8vb59b

— vitalik.eth (@VitalikButerin) January 7, 2022

Buterin said that the future was likely multi-chain but not cross-chain, which is not necessarily a bad thing. It just requires “diversifying your portfolio” with the native assets of different blockchains if you want to choose which one you want to use at any given time. That way, you’ll be less at risk if a random “wrapped” token completely tanks due to an exploit that the originating bridge can’t recover from.

Posted in: Cryptocurrencies Tagged: BNB bridge exploit, BNB Chain exploit


Copyright © 2023 Nothing in Particular Blog.
