BNB Smart Chain Has Been Halted Due to an Exploit

Funds are SAFU?

Some hours ago, Binance tapped all chain validators to halt the BNB Smart Chain after an exploit in the Binance cross-chain bridge BSC Token Hub. The BSC Token Hub is a bridge between Binance Chain and BNB Smart Chain which allows users to move funds between the 2 chains. The bridge has been exploited to the tune of about $110 million worth of BNB, which is no small amount. The good thing is that BSC is pretty centralized, which means they were able to freeze some of the funds pretty quickly. I'm not going to sit here and try to explain the technical shit behind the exploit because it's kinda over my head, I just wanted to get this news out there.

Using some pretty wild methods described in this Twitter thread, the attacker was able to convince the bridge to send them 1 million BNB in 2 different transactions. This is one of the risks involved with brand new technology. Bad actors are always going to try to find a way to exploit something for their gain. Unfortunately, because cryptocurrency and blockchain technology are fairly new, and nothing is perfect, it's the perfect playground for hackers and scammers. We've seen scams and hacks over and over again, with no end in sight. This is to be expected, as I said.

As this Twitter user explained, they could have done this a lot more than twice. This could have been done repeatedly until the bridge was completely depleted of BNB, causing way more damage. The attacker discovered a bug in the way the bridge verifies proofs that allows the forging of arbitrary messages to the bridge. Fortunately, the issue is now contained and being actively investigated, so no user funds are affected. So what does this mean for the average daily user of BSC? Not much really, aside from the fact that you won't be doing any transactions for the moment.

Our native DeFi platform, Cub Finance, runs on BNB Smart Chain, so you will not be able to use the platform at all during the chain halt. This also means that bridging funds from Hive to BSC such as HBD to bHBD, or HIVE to bHIVE will not be possible. The transactions will be stuck or may fail until the chain is started back up again. The good thing is that we have another incredible native DeFi platform called PolyCUB that is running just fine on the Polygon chain.

If you're wanting to do DeFi stuff, my advice would be to use PolyCUB for the time being until this issue is resolved and the chain resumes. The reality is that this could potentially happen to any bridge using similar ways to validate proofs. Hopefully other bridge operators can learn something from this exploit that helps to further secure the platforms.

The attacker's wallet holds over $600 million worth of stolen funds at this point, and if it's all on BSC... It can be frozen, and the address can be blacklisted from making transactions on the chain. This would render funds useless unless the attacker has already been moving funds around. Likely already siphoning funds through mixing services and such to launder the stolen money. We always say crypto is the wild west, and that is absolutely true.

This is why it's so utterly important to take the security of your funds very seriously and use tools like hardware wallets. Using things like 2-factor authentication through apps like Google Authenticator or Authy should be standard practice for anyone using crypto. Everyone wants to scream "not your keys, not your coins" but then hold all their funds on exchanges like Binance or in hot wallets. Wake up, people. I feel like I'm starting to sound like a broken record.

I'll be watching for updates on this and likely Threading about it as it unfolds. Til next time frens, stay SAFU.

Article written by: @l337m45732 AKA 0xNifty.nft

Posted Using LeoFinance Beta