The BSC chain paused its operations on Friday, October 7, after an attack was discovered that drained up to $100 million in crypto from the platform.
According to reports, the Attack affected the native cross-chain bridge that links the BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 of BSC). With the exploit, the hackers withdrew up to 2 million BNB by leveraging an advanced forging of the low-level proof into a single standard library.
Post hack, BNB Chain made v1.1.15 available, which blacklisted several addresses and banned them from performing future transactions. This meant disabling the native cross-chain communication between BNB Beacon Chain and BNB Smart Chain.
BNB Chain update to community members
Following the Attack, BNB Chain published a blog post to take ownership and apologize to community members for the Attack. Acknowledging the freedom provided by decentralization, the crypto company assured the users that they were able to control the extent of the Attack. The blog noted:
“It was not that easy as BNB Smart Chain has 26 active validators at present and 44 in total in different time zones. This delayed closure, but we were able to minimize the loss.”
BNB Chain noted that the recent attacks reveal a new way hackers operate; they target vulnerabilities in cross-chain bridges. With this, the platform committed to revealing postmortem details and lessons learned on implementing sophisticated security measures that would churn out vulnerabilities.
BSC is Running Okay
According to reports, however, the BNB Smart Chain (BSC) restored normalcy at around 06:40 UTC on the same day after chain validators ran a software update that would patch up the vulnerability used by the hackers to drain the funds from the chain. A BNB Chain status report posted on Twitter said:
“BNB Smart Chain (BSC) has been running okay from 20+ minutes ago.”
Moreover, the validators also confirmed the network’s status, noting that the community infrastructure was upgraded as expected.
“The validators confirm their status, and the community infrastructure is also upgrading.”
The platform recognized the efforts of security experts, projects, and validators, articulating that most of the funds were still under control.
Proposed actions for the common good of BNB
The platform announced its decision to perform several on-chain governance votes to determine whether to freeze the stolen funds. Other elements featured in the proposal include whether to use BNB Auto-Burn to cover the remaining hacked funds; a Whitehat program for future bugs found, $1M for each significant bug found; and a bounty for catching hackers, up to 10% of the recovered funds.
The announcement discloses plans to switch the BSC validator voting function for general opinions over the coming days by upgrading the BNB Beacon Chain. The platform will introduce a new on-chain governance mechanism on the BNB Chain to protect against possible future attacks.
According to the announcement, more community validators will keep expanding in the move towards more decentralization. This, according to BNB Chain, is essential for Web3.0’s success. Noteworthy, up to $7 million from the total loot has already been frozen.
Apart from temporary operational disruption and inconvenience to community members, the exploit also affected BNB’s price as investors responded in fear. At press time, BNB price was exchanging hands at $281.22, down 0.7% over the last 24 hours and -3.35% hours post-attack on October 6, according to data from CoinGecko.