
The Million Dollars BSC Token Hub Bridge Hack Analysis

btclive365 by btclive365
November 9, 2022
in Defi


Read Time: 4 minutes

Summary:

On 7th October 2022, there was an exploit affecting the native cross-chain bridge called “BSC Token Hub”. The bug is in the proof verifier of the bridge. A total of 2 million BNB was withdrawn, and Binance temporarily paused the BSC network to prevent further damage. Funds taken off BSC are estimated at between $100M and $110M.

Introduction to Binance Smart Chain & Token Hub Bridge:

Binance Smart Chain (BSC) is a blockchain network for running applications built on smart contracts. BSC runs in parallel with Binance’s native Binance Chain (BC), allowing users to take advantage of the rapid transaction capacity of BC as well as the smart contract features of BSC.

  • BNB Beacon Chain (previously Binance Chain) – BNB Chain Governance (Staking, Voting)
  • BNB Smart Chain (BSC) (previously Binance Smart Chain) – EVM compatible, consensus layers, and with hubs to multi-chains

Check out our article for more details.

BSC Token Hub:

BSC Token Hub is the cross-chain bridge between BNB Beacon Chain (BEP2 tokens) and BNB Smart Chain (BSC, BEP20 tokens). Check out the official documentation of Binance for more details.

Vulnerability Analysis & Impact:

Attack Transaction Details:

Hacker’s Address: 0x489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec

1st Txn Hash: 0xebf83628ba893hd35b496121fb8201666b8e09f3cbadf0e269162baa72efe3b8b

2nd Txn Hash: 0x05356fd06ce56a9ec5b4eaf9c075abd740cae4c21eab1676440ab5cd2fe5c57a

BSC Token Hub Contract: 0x0000000000000000000000000000000000001004

Original Txn hash (with block height of 110217401) : 0x79575ff791606ef2c7d69f430d1fee1c25ef8d56275da94e6ac49c9c4cc5f433

The Bug:

BSC Token Hub uses a pre-compiled contract for validating IAVL (Immutable AVL) tree proofs when performing cross-chain transaction verification. The exploiter leveraged a bug in the proof verification logic, adapting a legitimate proof to make the bridge mint 2M BNB to their address.

The root cause seems to be the comparison line shown below (the “From” line):

The problem is that `lpath.Right` may not be used at all when the root hash of the tree is computed: when `lpath.Left` is non-empty, only `Left` and the child hash enter the inner-node hash, yet the verifier still compares the derived root against `lpath.Right`.

To fix this, the line should change from:

```go
if !bytes.Equal(derivedRoot, lpath.Right) ...
```

to something like:

```go
expectedHash := lpath.Left
if len(lpath.Left) == 0 {
    expectedHash = lpath.Right
}
if !bytes.Equal(derivedRoot, expectedHash) ...
```

The Attack:

1. The attacker used the hash of a successfully submitted block from 2 years ago (block 110217401) to construct a payload as a leaf node for IAVL tree verification. The original transaction details can be found here.

2. The attacker injected a leaf node whose Key was the current packageSequence and whose Value was the hash of the malicious payload (i.e. minting 1M BNB to their address). They then added an empty inner node above the leaf to satisfy the proof implementation.

3. In the left path, the attacker set `Right` to the hash of the leaf node just created, so that the computed root hash still equalled the previously submitted (legitimate) root hash. They then constructed the withdrawal proof for that block and submitted the transaction.

4. After successfully submitting the transaction and receiving 1M BNB, the attacker repeated the steps and gained an additional 1 million BNB, for a total of 2 million BNB, i.e. $570 million.

The attacker tried 17 times to mint 1M BNB but failed 15 times, so only 2M BNB was minted. The reason was that they were competing with legitimate transactions using the same packageSequence, which front-ran the exploit transactions.
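To make the root cause and the attack steps above concrete, here is an added toy model in Go (not code from the article, from QuillAudits, or from cosmos/iavl): a reduced `ProofInnerNode` with the iavl hashing rule, the check as quoted versus the article's proposed fix, and a helper showing that `Right` never enters the hash whenever `Left` is set. The node layout and sample hashes are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// Toy ProofInnerNode: reduced from cosmos/iavl (assumption), keeping only the two hashes.
type ProofInnerNode struct{ Left, Right []byte }

// innerHash mirrors the iavl rule: empty Left means the child is the left branch and
// Right is hashed in; otherwise Left is hashed in and Right is ignored entirely.
func innerHash(n ProofInnerNode, child []byte) []byte {
	var buf []byte
	if len(n.Left) == 0 {
		buf = append(append(buf, child...), n.Right...)
	} else {
		buf = append(append(buf, n.Left...), child...)
	}
	sum := sha256.Sum256(buf)
	return sum[:]
}

// checkVulnerable is the check quoted above: it trusts lpath.Right unconditionally.
func checkVulnerable(lpath ProofInnerNode, derivedRoot []byte) bool {
	return bytes.Equal(derivedRoot, lpath.Right)
}

// checkFixed is the article's proposed change: compare against the field that was hashed.
func checkFixed(lpath ProofInnerNode, derivedRoot []byte) bool {
	expected := lpath.Left
	if len(lpath.Left) == 0 {
		expected = lpath.Right
	}
	return bytes.Equal(derivedRoot, expected)
}

// rightIsIgnored reports whether rewriting Right leaves the node hash unchanged,
// i.e. whether a verifier that trusts Right is checking a value it never hashed.
func rightIsIgnored(n ProofInnerNode, child []byte) bool {
	altered := ProofInnerNode{Left: n.Left, Right: []byte("anything")}
	return bytes.Equal(innerHash(n, child), innerHash(altered, child))
}

func main() {
	n := ProofInnerNode{Left: []byte("sibling-hash")} // constructed sample node
	fmt.Println("Right ignored in hash:", rightIsIgnored(n, []byte("leaf-hash")))
}
```

A defensive takeaway the model makes visible: any value a verifier compares against must be one that actually fed the hash it is verifying, otherwise the comparison constrains nothing.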

After the Exploit :

A few hours after the attack, Binance CEO CZ announced the incident in a tweet, and the BSC network was halted to prevent further damage.

An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.

— CZ 🔶 Binance (@cz_binance) October 6, 2022

A few hours later, Binance fixed the issue in release v1.1.15, which also blocked the flow of the attacker’s funds by blacklisting the attacker’s address.

📢BNB Smart Chain (BSC) is running ok from 20+ mins ago.

The validators are confirming their status and the community infrastructure are upgrading as well.

— BNB Chain (@BNBCHAIN) October 7, 2022

Binance blacklisted the attacker’s address in the recent commit.

Status of funds:

Current assets held by the attacker in different chains:

The Flow of Funds:

Image Source: https://twitter.com/BeosinAlert/status/1578290676793384961/photo/1

Further Reference / Credit:

Five hours ago, an attacker stole 2 million BNB (~$566M USD) from the Binance Bridge. During that time, I’ve been working closely with multiple parties to triage and resolve this issue. Here’s how it all went down. pic.twitter.com/E0885Dc3lW

— samczsun (@samczsun) October 6, 2022

https://github.com/emilianobonassi/bsc-hack-analysis-2022-10-06


Web3 Security: Need of the Hour

Why QuillAudits For Web3 Security?

QuillAudits is well-equipped with tools and expertise to provide cybersecurity solutions saving the loss of millions in funds.
