At 6:26 PM UTC, the Attacker succeeded in delivering a 1m BNB package to its own address.This enabled the creation and subsequent withdrawal of the 2m BNB in two transactions: When an Externally Owned Account (EoA) or smart contract calls the BSC: Cross-Chain Bridge, the Relayers are responsible for submitting Cross-Chain Communication Packages between the two blockchains.īy registering as a Relayer for BSC Cross-Chain Bridge, the Attacker’s relaying requests could be accepted by BSC, allowing the Attacker to exploit a bug through the way BSC Token Hub verifies proofs.Īfter registering as a Relayer, the Attacker forged arbitrary messages on block height 110217401 (while the legitimate withdrawals’ block heights were much higher). On Oct 5, 2022, a day before the attack, a ChangeNOW wallet sent 100 BNB to the Attacker, which was then used to register as a Relayer for BSC Token Hub.īSC Token Hub acts as a vault, facilitating cross-chain transactions between BNB Beacon Chain (BEP2) and Binance Smart Chain (BEP20). With quick actions taken by various parties, only ~$137m managed to be moved out to the other chains, while the rest were frozen in BSC. The Attacker illegally issued 2m BNB, worth approximately $566m, on from the address of BSC: Token Hub through two transactions of 1m BNB each. All 44 validators were asked to temporarily suspend BSC in order to contain the damage. BNB Chain paused Binance Smart Chain (BSC) after determining a vulnerability had been exploited, as confirmed by Changpeng Zhao (CZ), CEO of Binance. On Oct 7, 2022, the cross-chain bridge which powers the Binance Coin (BNB) ecosystem was hacked.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |