Binance: Here’s How Attackers Siphoned $100M worth of BNB

Lavina Daryanani
Source: CriptoNoticias

The BNB Chain underwent a massive hack a few hours back. As a result, Binance’s blockchain was paused on 6 Oct. The cross-chain bridge attackers managed to get away with approximately $100 million worth of crypto.

Initially, the BNB Chain was temporarily paused due to “irregular activity” on the blockchain. It was revealed later that the same could be a “potential exploit.” The official Twitter handle provided an update that the blockchain was “under maintenance” and it was suspending all deposits and withdrawals. It confirmed that “all funds are safe.”

Other updates of the Binance hack

Per the initial estimates, approximately $70-$80 million worth of funds were taken off the chain. Changpeng Zhao—Founder and CEO of Binance—however, provided another update after that and tweeted,

The current impact estimate is around $100m USD equivalent, about a quarter of the last BNB burn.

Blockchain security and data analytics company PeckShield took Twitter to chalk out how the exploiter had already bridged $89.5 million to other non-BNB Chains. Roughly 58% was bridged to Ethereum, 33% to Fantom, and 4.5% to Arbitrum.

Zhao acknowledged that he was “asleep” when the exploit took place and acknowledged the efforts of the community and team. Activities have, however, not yet been resumed and neither did the executive give any ETA.

The Binance executive tweeted,

No ETA yet. Let’s give the devs time to fully understand the root cause, implement the fixes, test them thoroughly, and then resume. Let’s not rush it now.

Out of the initial estimates of $100 million to $110 million funds stolen, roughly $7 million has already been frozen, thanks to the community and Binance’s internal and external security partners.

The price of the platform’s native token—BNB—started dropping after the hack related-news started doing the rounds. At press time, the asset was down by 4% on the daily and was trading at $284.45.

Also Read: Binance receives Regulatory License in Kazakhstan

Here’s how it all happened

A Paradigm analyst [crypto/Web3 investment firm] working closely with multiple parties to triage and resolve the issue took Twitter to chalk out how the hack was executed. During the late hours of Thursday, an account with hundreds of millions of dollars worth of balance was deducted. Initial speculations were that someone had either already pulled off a huge rug, or there was a massive hack in store.

The attacker apparently deposited over $200 million into Venus Protocol. Resultantly, the protocol’s TVL sharply rose. Venus’s official Twitter handle, however, clarified that it experienced “NO EXPLOIT.” However, it went on to clarify,

The possible BNB threat actor has used the Venus platform to open an overcollateralized position of the app. $254M and borrow app. $147.5M against 900K BNB Tokens deposited.

Then, by likely forging the payload, adding a blank inner node to satisfy the prover, and tweaking the leaf to exit early with the correct root hash, the attacker managed to convince the Binance Bridge to send funds. The Paradigm analyst went on to further highlight other dubious details that he had noticed. Elaborating on the same, he tweeted,

Even though the payload forge, inner node addition, and leaf tweak might not be the exact method or sequence used by the attacker, the analyst claimed that the executed exploit was “identical.” Summing it all up, he concluded,

In summary, there was a bug in the way that the Binance Bridge verified proofs which could have allowed attackers to forge arbitrary messages. Fortunately, the attacker here only forged two messages, but the damage could have been far worse.