BSC hack: what do we known so far?
The BNB Smart Chain network got a series of attacks through a cross-chain bridge exploit. Previously, the damage amounted to hundreds of millions of dollars, not counting the inevitable reputational costs.
The hacker stole 2 million $BNB tokens worth $566 million using the Binance Bridge exploit. Due to the smart contract vulnerability, he was able to “convince” the bridge to allow double spending.
It is known that he used a vulnerability in a specific block (110217401), where validators, for some reason, did not “see” the inappropriate block height and proof size parameters.
Early investigations indicate that the hacker found a flaw in a special precompilation contract used to test IAVL trees. The bug allowed attackers to forge arbitrary messages during proof checking at the Binance Bridge layer. Fortunately, only two messages were forged, but the damage could have been much greater.
The head of Binance said that a prompt decision was made to suspend the network, and that users' assets were not at risk of theft. The hacker left a “digital footprint”, so some of the funds were blocked at once.
The developers quickly updated the code, announcing a community vote on the possibility of freezing withdrawn funds, using the automatic burning mechanism to cover losses, and launching special bounty programs for “white hackers”.