Binance, the largest cryptocurrency exchange, confirmed that a major theft took place late on Thursday. Specifically, two million BNB (Binance Coin) were taken, which corresponds to about 14 billion Czech crowns, or about US$570 million. This does not mean that the attacker actually got away with that sum.
SlowMist, a security company focused on cryptocurrencies, pointed out that the attacker tried to launder the money through other cryptocurrencies. The exchange reacted promptly by suspending BNB Chain, as the affected blockchain is called, which blocked part of the attacker’s cryptocurrency. Stopping a decentralized ecosystem isn’t easy, but Binance asked all community validators individually.
BNB Smart Chain resumed operation on Friday morning, after software updates were deployed so that the same hole could not be exploited twice. Thanks to Binance’s timely action, the attacker was able to steal cryptocurrency worth at most 100 million dollars, or about 2.5 billion crowns.
Cryptocurrencies also deal with patches
The attacker exploited a vulnerability in the cross-chain bridge component, which connects independent blockchains and makes it easy to transfer virtual money from one cryptocurrency to another. This bridge connects the BNB Beacon Chain and BNB Smart Chain blockchains.
Apparently it was a so-called double-spending attack. This is a risk for any digital currency: a token could be spent twice. If you spend a 100-crown note, you physically lose it and cannot reuse it, whereas digital tokens can be counterfeited or duplicated. In theory.
The attacker used a bug in the cross-chain bridge to submit a total of two transaction messages, which the bridge considered valid and then approved. Put simply, the attacker tricked Binance Bridge and forced the virtual bridge to send him a million BNB twice. A researcher at the crypto firm Paradigm reached this conclusion, and Adrian Hetman, a security expert at Immunefi, confirms it.
According to SlowMist, the unknown individual attacked via the ChangeNOW exchange service. However, this individual never had the first or the second million to transfer. Most of the stolen cryptocurrency has been blocked, further measures will follow, and Binance plans to publish a so-called post mortem from which we will learn the details. A program that would offer ethical hackers a financial reward for finding vulnerabilities so they can be fixed is also being considered.
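The safeguards that the double-spending description implies, as an added Python example that is not Binance's or BNB Chain's code and does not reproduce the actual bug, whose details the article leaves to the post mortem: a toy bridge pays out only for messages that are authentic, unused, and backed by funds that were really locked. The `Bridge` class, `RELAY_KEY`, the HMAC standing in for cross-chain proof verification, and the sample messages are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed demo key; the HMAC stands in for real cross-chain proof checks.
RELAY_KEY = b"constructed-demo-key"


def sign(seq, recipient, amount):
    """Authenticate a transfer message (hypothetical relay signature)."""
    body = f"{seq}|{recipient}|{amount}".encode()
    return hmac.new(RELAY_KEY, body, hashlib.sha256).digest()


class Bridge:
    """Destination side of a toy bridge paying out for source-chain locks."""

    def __init__(self):
        self.escrow = {}       # seq -> amount really locked on the source chain
        self.consumed = set()  # sequence numbers already paid out
        self.released = 0      # running total of tokens paid out

    def record_lock(self, seq, amount):
        self.escrow[seq] = amount

    def release(self, seq, recipient, amount, tag):
        # 1. The message must be authentic.
        if not hmac.compare_digest(tag, sign(seq, recipient, amount)):
            return "rejected: bad proof"
        # 2. Each message pays out once; a second copy would be a double spend.
        if seq in self.consumed:
            return "rejected: already consumed"
        # 3. A valid-looking message is not enough: funds must actually be locked.
        if self.escrow.get(seq) != amount:
            return "rejected: no matching lock"
        self.consumed.add(seq)
        self.released += amount
        return "released"


def demo():
    bridge = Bridge()
    bridge.record_lock(1, 100)
    tag = sign(1, "alice", 100)
    big = sign(2, "mallory", 1_000_000)
    results = [bridge.release(1, "alice", 100, tag),            # backed, first use
               bridge.release(1, "alice", 100, tag),            # same message again
               bridge.release(2, "mallory", 1_000_000, big),    # signed but unbacked
               bridge.release(1, "alice", 100, b"\x00" * 32)]   # forged tag
    return results, bridge.released
```

The third case is the one that matters for defence in depth: the message passes the proof check, yet the payout is refused because no matching lock exists.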
Sources: ChangeNOW blog | BNB Chain blog | BNB Chain / Twitter | CNBC | CZ 🔶 Binance / Twitter | r/bnbchainofficial | samczsun / Twitter | SlowMist / Twitter | TechCrunch