Our platform is modular and scalable: All our products can be contracted separately, scaling as needed. Our products are divided in three pillars: energy trading and traceability, flexibility trading, and environmental commodities trading.
Our solutions are leading the global democratization of the energy market so people have access to energy, can participate directly in energy markets and can improve their lives and the lives of others.
Last week, we saw an attack on one of the big names in crypto, Binance.
The attacker became a relayer for the Binance Bridge (BSC Token Hub) before exploiting a verification proof vulnerability within, allowing them to mint two million BNB on the BSC chain to the address. The exploit resulted in the suspension of operations on the entire chain.
Bridges are a popular target for attackers, so we took a closer look at what happened.
The incident was a result of a weakness in a cross-chain bridge. In turn, the supply of Binance coins, or BNB, produced a surplus of 2 million BNB tokens. The attacker was able to exploit a vulnerability in the Binance Bridge, and they sent themselves one million BNB tokens twice in a row. The hack happened because of a bug in the smart contract where hackers could forge transactions and transfer funds into their wallets. Interestingly, the attacker managed to forge proof for a block confirmed two years ago.
In other words, “the bug lies in how Binance bridge analyses the proofs of transactions. The hacker generated the message in a way that tricked the contract’s validity. Although the hacker had no valid claims to the funds transferred, BSC Token Hub then proceeded with the payout as everything was valid” said by Adrian Hetman, tech lead of the Triaging Team at Immunefi.
The damage was contained due to a coordinated response by the BNB Chain 44 validators (26 active validators).
This type of attack is nothing new, cross-chain bridge hacks have become a common occurrence. Cross-chain bridge hacks, 13 of them, resulted in $2 billion in cryptocurrency theft.
As a result of this attack, Binance implemented a reward of $1 million for each significant bug found, and a bounty for catching attackers in the amount of up to 10% of recovered funds.
This hack is yet another reason for blockchain projects to test for similar vulnerabilities in their cross-chain bridges.
Disclaimer: Powerledger does not provide financial advice, we recommend seeking independent financial, tax and legal advice prior to purchasing any cryptocurrency.