The Story of Hackers Using Coin Security Chain Vulnerability to Forge a $580 Million False BNB Event

Source: GeckoInsightsMetatrend CompilationEarlier today, the BNB chain was stolen for over $580 million. How on earth did this happen?At around 6 a

Source: GeckoInsightsMetatrend Compilation

Earlier today, the BNB chain was stolen for over $580 million. How on earth did this happen?

At around 6 a.m. on October 7th (GMT+8), multiple Twitter accounts, including blockchain security company PeckShield Inc., were the first to point out that transaction requests of 2 million BNB (totaling $586 million) were retrieved from the network's cross chain bridge.

The hacker stored the stolen BNB as collateral on BNBChain's lending platform Venus and borrowed various Stablecoin, including BUSD, USDT and USDC.

Then, the hacker sends part of the borrowed funds to six other networks (non BSC chains) through Stargate and Multichain, including Ethereum, Polygon, Fantom, Optimal, Arbitrarum, and Avalanche.

According to Peckshield, BNBchain vulnerability exploiters have transferred about $89.5 million to other chains, about 58% to Ethereum, about 33% to Fantom, and about 4.5% to Arbitrum.

However, the attack did not stop there. The borrowed Stablecoin is swapped into ETH on each network, and then bridged back to the ETH primary network.

On the surface, this seems to be an on chain leverage bet - use BNB as collateral to borrow Stablecoin, and then use these Stablecoin to exchange ETH on other networks, so as to effectively obtain ETH's leverage exposure.

However, the source of the collateral becomes conclusive evidence

One hour after discovering the vulnerability, BNBChain announced a network halt. In addition, 7 million stolen funds have been successfully frozen.

To prevent attackers from transferring the remaining USDT from their wallets, Tether has blacklisted the hacker's account.

Security researcher Samczsun from Paradigm pointed out that BinanceBridge has a flaw where attackers can submit forged proof that can be verified across the bridge, allowing them to steal funds on the bridge.

As of now, attackers control approximately 80% of stolen funds on the BNB chain, which is still in a suspended state.

Disclaimer: The content of this article is sourced from the internet. The copyright of the text, images, and other materials belongs to the original author. The platform reprints the materials for the purpose of conveying more information. The content of the article is for reference and learning only, and should not be used for commercial purposes. If it infringes on your legitimate rights and interests, please contact us promptly and we will handle it as soon as possible! We respect copyright and are committed to protecting it. Thank you for sharing.(Email:[email protected])

Previous 2024-11-24
Next 2024-11-24

Guess you like