

What We Can Learn From BNB Bridge Hack; BSC Hard-Forked



Blockchain experts who were among the first to discover the BNB bridge exploit said faster responses and new tools are needed to stop ongoing DeFi hacks.
Fallout From the BNB Bridge Hack
Two of the first researchers to discover the Oct. 6 BNB bridge hack have shared lessons learned from the exploit, along with further details on how it went down, in interviews with BSC News. Meanwhile, the BNB Smart Chain (BSC) implemented a hard fork to patch the exploit on Oct. 12 at about 9 a.m. UTC.
Zane Huffman, Head of Strategy at Vesper and Co-Founder of Governor DAO, chronicled the exploit in real time on Twitter soon after it began, while H Xie, CEO of security firm Ancilia, Inc., was among the first to notice the hack via the company’s blockchain security monitoring system.
Huffman said the response from BNB Chain to the hack wasn’t as fast as he would have expected.
“I'm not sure how long it took them from initial alert. But it was several hours since the hack began. That's better than some large-scale hacks but we also hear stories about budding hacks being stopped immediately,” he told BSC News. “I feel like Binance should have some alerts going off right when that initial 1,000,000 BNB withdrawal took place. If they saw it immediately and still spent several hours until shutdown, that doesn't seem like a super fast response.”
The #BSC Bridge Hacks
1/ Our first alert on 2022-10-06 18:37:59.181498, which shows the hacker drain a contract's fund over 99% and over $100M USD, from 0x489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec https://t.co/Jz3GUKUwmA https://t.co/srXrz3sHeD
— Ancilia, Inc. (@AnciliaInc) October 6, 2022
For BNB Chain’s part, Xie said that, to his knowledge, there has never been an exploit like this before, meaning it may have been harder to detect.
“Blockchain is still in its earliest stage, and a lot of the infrastructure is not ready, specifically on the security side. People still mostly rely on security code audits to ensure their protocol’s safety,” he told BSC News. “The capability to take action during or immediately after a hack like this one that affected all BNB owners and BSC users is necessary. If anything, this case demonstrates the need for more security tools and infrastructure ...”
Huffman noted that although the more centralized nature of the BNB Chain may have actually helped this time by enabling the organization to shut down the chain more quickly, attackers will probably move faster next time.
“The degree of centralization probably correlates to the reaction time: more decentralized = longer reaction time. So it was good this time,” Huffman said. “But in the future, if a similar attack were to occur, the attacker probably would route funds off of BNB Chain faster.”
He added that the hacker(s) could have chosen much faster ways to route funds than they did and that if their mission was to get away with as much money as possible, they seemed to waste a lot of time with a calculated but ultimately very inefficient strategy.
“It seems to me like they thought they'd have more time to covertly move everything,” he speculated. “Once alerts start flying, they seem to move much more frantically, taking on huge slippage dumping BNB through PancakeSwap, for example.”
As of right now, they still have >50% of their coin sitting on BSC directly in wallet. Some mid 8 figures waiting in bridgeland to be claimed, too.
This is not normal behavior for an exploiter. Seems more like trying to provoke Binance. Like "come and get me"
— GREEN JEFF (The Bread #9) (@jeffthedunker) October 6, 2022
Xie agreed that the follow-through strategy of the hacker(s) was odd given how sophisticated the initial hack was.
“The sophistication of the hack and how it was carried out makes us believe that the hacker is smart and the hack is well planned, but on the other hand, we believe the money exfiltration is not as quick and sophisticated as exhibited in previous hacks,” he concluded.
Fortunately, other blockchains don’t have to worry about similar exploits, according to Xie, since the bug existed only on BSC and was specific to the BSC Token Hub bridge.
Despite the BSC bridge hack being the third largest blockchain-related hack in history, it dropped the price of BNB by only a few percentage points at the time, underscoring the lack of interest markets seem to have in the ongoing barrage of hacks plaguing Decentralized Finance (DeFi) projects lately.
This lack of reaction may be a result of markets having already priced in the relative newness of the technology and the resultant security risks. Xie, for one, stressed that Web3 is still in its early days, especially in the area of security.
“Any code, no matter how many times you have done code audits, is still potentially vulnerable, as many hacks have demonstrated,” he said.
Xie suggested the number of hacks can be reduced if the blockchain community evolves its practices to include:
- A mindset shift towards security by design.
- The adoption of monitoring/alerting systems such as Ancilia’s.
- Preventative mechanisms built into protocols so that the loss and damage can be reduced to a minimum when hacks do happen.
- More collaboration between projects to build a wider security ecosystem to fight back against hackers.
BSC Patches Exploit With Hard Fork
BNB Chain acknowledged that about $100 million remained unrecovered in an Oct. 11 post on its website. The message also referenced a hard fork to take place on Oct. 12 to patch the BSC Token Hub bridge exploit at block height 22,107,423 at about 8 a.m. UTC.
Details of the v1.1.16 hard fork, dubbed Moran, were released by Binance in an Oct. 11 announcement as well as on the BNB Chain GitHub page.
Binance wrote in its announcement that the “BNB Smart Chain (BEP20) network upgrade and hard fork will not result in new tokens being created.”
At about 10:30 a.m. UTC on Oct. 12, BNB Chain said on Twitter that the upgrade had been completed.
IMPORTANT UPDATE: BNB Smart Chain v1.1.16 has arrived. https://t.co/3lBZV4GGiu
— BNB Chain (@BNBCHAIN) October 12, 2022
This is a paid press release, BSC.News does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products, or other materials on this page. The project team has purchased this advertisement article for $1500. Readers should do their own research before taking any actions related to the company. BSC.News is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods, or services mentioned in the press release.
Related News


Binance VIP Traders Informed of $4B Settlement Back in September

The exclusive gathering took place at a luxurious Singapore nightclub in September, where attendees engaged with Binance executives and asked about the potential settlement.
Binance reportedly hosted an exclusive dinner for its most significant market makers in September. The gathering, held at a prestigious Singapore nightclub, was an intimate setting where select VIP traders gained insights into the impending $4 billion settlement with the U.S. Department of Justice, according to a recent report from Bloomberg.
The private dinner, organized for Binance's top traders, unfolded in the upscale 1880 members-only club. Attendees, consisting of market makers and traders, engaged in discussions with Binance executives about the company's legal challenges. The conversations revolved around the potential $4 billion fine, leaving attendees convinced that Binance could afford and would settle such a substantial amount.
Attendees' Perspectives
Reports suggest that attendees, after breaking into smaller groups, sought clarification on Binance's legal troubles. They left the dinner with a heightened expectation of the $4 billion settlement, emphasizing the significant financial impact it would have on the exchange.
Former CEO Changpeng Zhao was notably absent from the gathering, with the then-head of regional markets, Richard Teng, representing the company.
In response to the reports, a Binance spokesperson disputed certain aspects of the event's depiction while refraining from specifying the inaccuracies, as per The Block. This discrepancy in accounts raises questions about the transparency surrounding Binance's legal challenges and its communication with stakeholders.
Implications of the Settlement
Binance’s $4 billion settlement with U.S. authorities, including the Department of Justice, Department of the Treasury, and the Commodity Futures Trading Commission, marked one of the largest corporate settlements in U.S. history.
The resolution concluded a criminal investigation into allegations of money laundering and sanctions violations, settling many of Binance's legal troubles in the U.S. However, Binance.US and Changpeng Zhao still face a lawsuit filed by the U.S. Securities and Exchange Commission.