Hacker Exploits Bug to Steal Millions from Binance Bridge

by Ransomware DataBreachToday.com

Blockchain & Cryptocurrency, Cryptocurrency Fraud, Fraud Management & Cybercrime

Crypto Exchange Pauses BSC Smart Contract, Looks to Upgrade Node

(rashmiramesh_) • October 7, 2022

The world’s largest cryptocurrency exchange suspended trading on a smart contract blockchain after a hacker took at least $100 million in stolen cryptocurrency. Independent observers say the attack on the Binance Smart Chain actually netted the hacker $586 million.

Changpeng “CZ” Zhao, chief executive of Binance, says the company asked all validators to suspend BSC and is resolving the issue. “Your funds are safe. We apologize for the inconvenience,” Zhao tweeted. He linked to a Reddit post asserting that “the issue is contained now.” BSC uses a consensus mechanism requiring multiple validators to approve transactions. The BSC blockchain runs in parallel with the Binance Chain.

The attacker found a vulnerability on the BSC Token Hub, a cross-chain bridge, by exploiting the smart contract blockchain’s internal verification logic, which allowed for a “huge reward claim,” cybersecurity firm PeckShield tells Information Security Media Group. PeckShield also estimates the total loss to be $586 million, saying that $89.5 million of the stolen funds have already been moved off the Binance Smart Chain.

The incident is the latest in a series of attacks on cross-chain bridges. Blockchain security company Chainalysis pegs the amount of cryptocurrency stolen from bridges this year at $2 billion. Attacks on bridges accounted for 69% of total funds stolen in 2022 through July, it says.

Cross-chain bridges allow the transfer of crypto assets and information across independent blockchains.

The attack appears to have begun around 10 p.m. UTC. At 11:51 p.m. UTC, Zhao said the stolen amount was $100m. At around 1 a.m. UTC, the attacker’s wallet showed about 2 million BSC tokens, an amount worth about $586 million, PeckShield says.

Popular crypto investigator @samczsun, who is a researcher at web3 investment firm Paradigm, explained the technical details of the attack process in a series of tweets:

In a bid to address the vulnerability, Binance appears to be working to fix the code with a node upgrade. “We request BSC Validators to get in touch with us within the next few hours so that we can plan a node upgrade,” Binance’s decentralized network BNB Chain tweeted.

It is unclear when the patch will be issued. “No ETA yet. Let’s give the devs time to fully understand the root cause, implement the fixes, test them thoroughly, and then resume. Let’s not rush it now,” he added.
