BNB Hack: Attacker creates two million coins
A BNB hack occurred overnight. An attacker created two million coins worth hundreds of millions of dollars. The cryptocurrency's developers reacted by shutting down the blockchain to limit the damage, sparking debate about a possible lack of decentralization.
Another attack on a cross-chain bridge: this time it is the BSC Token Hub, a bridge that connects the two blockchains of the BNB ecosystem. A statement released after midnight by BNB spokesman Dardania Havolli speaks of “additional BNB created.”
As a result, the developers of the project contacted the network validators and managed to stop the BNB chain, which has been active again since 9 a.m.
This measure might have prevented the hacker from causing further damage. The exact extent of the damage is not yet clear. While Binance speaks of 100 to 110 million US dollars, security experts report sums in excess of 500 million or even 700 million US dollars.
BSCScan shows that one of the hacker’s addresses still has access to over $420 million in various tokens as of this writing. However, the address is now flagged as belonging to a hacker and is therefore usually automatically excluded from many services.
How did the BNB hack succeed?
The well-known programmer Samczsun followed the unknown attacker's exploit in real time and logged his findings on Twitter. According to him, the hacker managed to steal two million BNB worth 569 million US dollars.
According to his findings, the hacker found a bug within the BSC Token Hub/BNB Bridge that caused it to confirm a block even if it had been manipulated.
To withdraw funds, the attacker used a heavily outdated block height and a proof significantly shorter than usual. He manipulated both values and thus triggered a procedure that enabled him to execute a message of his own choosing within the blockchain.
He then used this option to transfer one million BNB. By fabricating two such messages, he was able to gain access to the equivalent of more than half a billion Swiss francs.
In response, the team behind BNB froze $7 million of the hacker’s holdings. The hacker used an initial investment of just over 100 BNB to carry out the attack.
This money reached the address he used from the swap service ChangeNow. After the hack, he used the Venus Protocol DeFi application to convert 900,000 BNB into $147 million in the form of the stablecoins USDT, USDC, and BUSD.
However, tokens of this type can usually be frozen. The attacker currently only has access to the equivalent of 83.3 million US dollars.
Lack of decentralization? Discussions begin
Shutting down the blockchain is not a common response to an exploit. Normally, a blockchain should be active at all times. The fact that the BNB developers contacted validators to halt the network is already drawing initial criticism within the scene.
The problem: if the blockchain can be switched off once to prevent an unwelcome event, it can also be switched off again. The neutrality that a blockchain is supposed to offer is missing.
In the future, the threat of censorship could arise without a hack.