A blockchain network security incident has once again shaken the entire cryptocurrency community.
On October 7th, Beijing time, BNBChain, one of the most active public chains in the world (a public blockchain is a consensus blockchain where anyone can read data, send transactions, and have them validly confirmed), incubated by the cryptocurrency exchange, was attacked by hackers. The hackers exploited a vulnerability in a cross-chain bridge (which helps assets flow between different blockchains) to obtain a total of 2 million BNB in two separate attempts, worth approximately $566 million. Other types of virtual assets were also affected. So far, $718 million in stolen on-chain assets not involving the cross-chain part has been accounted for. According to preliminary estimates by blockchain security company Chengdu Chain Security, once the stolen assets in the cross-chain part are included, the amount involved in this attack is about $850 million.
In the early morning of October 7th, Beijing time, hackers obtained 2 million BNB from the "Token Hub" system contract of BNBChain in two installments (2:26 and 4:43).
According to the Chengdu Chain Security team's tracking analysis of the stolen funds, a total of $143.57 million was transferred through cross-chain transactions (including loans). Of these funds, $77.39 million was transferred to Ethereum through various cross-chain channels, $58.96 million was retained in the FTM chain (including various gUSDTs), $4 million was in the Arbitrum chain, $1.72 million was in the Avalanche chain, $400,000 was in Polygon, and $1.1 million was in Optimism.
At around 6 a.m. on the same day, BNBChain's official social media account released a message stating that, due to abnormal activity, the chain was under maintenance and all deposits and withdrawals through the BNB chain were suspended until further updates were available. Another update stated that approximately $70 million to $80 million of funds had been withdrawn and $7 million had been frozen.
Zhao Changpeng, the CEO of Binance, who was once known as the "richest Chinese person", said on social media after the attack that a vulnerability in the BNBChain cross-chain bridge "Token Hub" resulted in additional BNB. He said he had requested all validators to temporarily suspend BNBChain, that the issue was now under control and the funds were secure, and that further updates would be provided accordingly.
Paradigm researcher samczsun posted on social media that on-chain data and related code indicate a bug in the BSC cross-chain bridge's verification method, which may allow attackers to forge arbitrary messages. In this attack, the attacker forged a message that passed the BSC cross-chain bridge's verification, causing the bridge to send 2 million BNB to the attacker's address.
According to independent analysts on the social media account CIAOfficer, the hacker attack involved a total of 718 million US dollars, making it the largest on-chain attack in history. According to the Chengdu Chain Security team's sorting and tracking, over 710 million US dollars in stolen assets on the Binance chain that do not involve the cross-chain part have been accounted for. With the addition of the stolen assets in the cross-chain part, the amount involved is preliminarily estimated at around 850 million.
At around 3 p.m. that day, the official social media account of BNBChain posted that BNB Smart Chain (BSC) had started running normally again more than 20 minutes earlier. The validators were confirming their status, and the community infrastructure was also being upgraded.
BNBChain is incubated by the world's largest cryptocurrency exchange, Binance, and consists of BNB Beacon Chain and BNB Smart Chain. Its token "BNB" is currently the fifth largest cryptocurrency by market value.
Affected by the incident, the BNB price fell briefly on the same day, dropping from $293.13 to $280.04 before recovering slightly. As of press time, BNB was at $281.23.
Analysts pointed out to Observer Network that this attack, like multiple large-scale security incidents before it, stemmed from a problem in a cross-chain bridge. Because cross-chain bridges are technically complex, they accumulate a large amount of code, which can hide vulnerabilities. In addition, because they hold a huge amount of accumulated funds, they are extremely easy targets for hackers. In the past two years, cross-chain bridges have been hit heavily by hacker attacks, and this incident has once again sounded an alarm for them. How the industry can secure multi-chain circulation still needs further investigation.
According to Chainalysis's data, as of 2022, cross-chain bridge hacking incidents accounted for 69% of hacking attacks, with theft amounts exceeding $2 billion. Previously, the world's hottest blockchain game, Axie Infinity, suffered a hacker attack on its Ronin cross-chain bridge, resulting in a loss of approximately $620 million. The cross-chain Poly Network was also hacked through vulnerabilities, with over $600 million in assets stolen.
This article is an exclusive manuscript from Observer Network and cannot be reproduced without authorization.