Binance resumes BSC bridge operation after 2M BNB exploit
The attacker leveraged a message verification vulnerability found in the BSC bridge to transfer 2 million BNB — roughly $590 million — into Venus protocol.
The BNB Smart Chain resumed its operations shortly after an attacker drained 2 million BNB from the cross-chain bridge.
Binance announced the suspension of deposits and withdrawals from its BNB chain on Oct. 6, after a hacker transferred about 2 million BNB — roughly $590 million — to a Tether-blacklisted wallet.
BNB chain validators moved to upgrade their nodes and disabled native cross-chain communication. The upgrade was intended to stop the hacker from causing more harm.
In the early hours of Oct. 7, Binance announced that the BNB Smart Chain had resumed operations.
.@BNBCHAIN is back online. We have now resumed @BNBCHAIN deposits and withdrawals on #Binance.
Thank you for your patience. https://t.co/icZvlWaHGi
— Binance (@binance) October 7, 2022
$568 million lost in BSC bridge hack
According to an on-chain investigation by Paradigm Research Analyst @samczsun, the attacker leveraged a message verification vulnerability found in the Binance bridge to send 2 million BNB (approx. $568 million) into Venus protocol.
In summary, there was a bug in the way that the Binance Bridge verified proofs which could have allowed attackers to forge arbitrary messages. Fortunately, the attacker here only forged two messages, but the damage could have been far worse
— samczsun (@samczsun) October 7, 2022
According to security firm BlockSec, the BSC bridge hack now ranks third in a list of 11 cross-chain bridges that have lost a cumulative $2 billion since July 2021.
Security risk of cross-chain bridges
The growing list of bridge hacks brings to mind Vitalik Buterin’s argument against cross-chain bridges in a multi-chain future.
My argument for why the future will be *multi-chain*, but it will not be *cross-chain*: there are fundamental limits to the security of bridges that hop across multiple “zones of sovereignty”. From https://t.co/3g1GUvuA3A: pic.twitter.com/tEYz8vb59b
— vitalik.eth (@VitalikButerin) January 7, 2022
Vitalik argued that cross-chain bridges increase the security risks involved in transferring assets. Because assets have to move between blockchain networks that are each secured separately, the chains become dependent on one another.
Consequently, an attack against one chain could spread to other chains.