Introduction
On October 7th, 2022, the Binance Bridge on BSC (Binance Smart Chain) was hacked for 2,000,000 BNB. At the time, BNB was worth about $300, so the total notional value of tokens stolen was $600M. However, only about ~$100M of value was ultimately bridged out.
On BSC, the Binance Bridge is a bridge between the Beacon Chain and the Tendermint Chain.
NOTE: Big credit to samczsun who did a lot of the initial investigation on this.
A nontrivial part of this is paraphrased from his thread↗. My goal here is to make it as accessible as possible for laypeople and easy to understand. Also, thanks to Sam for helping fact-check this.
The Exploit
What is known is that the hack took place on a blockchain called BSC, or Binance Smart Chain. The Binance Bridge provides liquidity to BSC. The hacker convinced the Binance Bridge to send them 1,000,000 BNB two times. BSC was worth about $300, so this was about $600M. This was all done using an exploit. What’s currently believed is that this exploit essentially exploited a flaw in a custom functionality built into BSC. This functionality was a merkelized IAVL tree. This code actually lives in a library↗, but it is part of the BSC L1 (it’s a precompile).
This IAVL tree is responsible for enforcing/checking the validity of messages sent to the Binance bridge. For instance, under normal circumstances, the IAVL tree is supposed to reject a hacker’s message to fraudulently withdraw 1,000,000 BNB. However, the attacker found a flaw in the IAVL verification routine, which allows him to trick the IAVL tree into accepting arbitrary messages. Armed with the capability to have arbitrary messages they forge accepted, the hacker then submitted two fraudulent withdrawals.
The IAVL code seems to have been a part of Cosmos SDK. However, Cosmos (thankfully) doesn’t use IAVL for validation now. They use ICS23 which we currently believe is not affected.
Exit Liquidity
Now that the hacker has all of this BNB token, they are not done yet. All of these tokens are still on the Binance Smart Chain. The hacker likely knew that BSC would be halted/frozen after such a massive hack, so they knew they had to transfer as much value off of BSC as quickly as possible. The typical way one would transfer funds among different blockchains are bridges. So after hacking the Binance Bridge, the attacker then went to other bridges to try to convert his hacked BNB proceeds on BSC to other chains. This is because the hacker probably knew that it’s not likely that other chains would be frozen when BSC is hacked (other chains don’t really have an incentive to cooperate).
NOTE: These other bridges were NOT hacked, they were just used as part of the hacker’s exit strategy.
Note that this poses a challenge because when hacked funds are moved off-chain, it effectively makes any ‘claw-backs’ or reversals impossible. Suppose there is a bridge that goes between the BSC and Ethereum chains. Imagine you’re the hacker. As you dump your hacked (soon to be frozen/blacklisted/whatever) tokens onto the BSC side of the bridge, you receive an equivalent amount of tokens on the Ethereum side of the bridge. No matter what happens on the BSC side–even if they “roll back” the entire blockchain–you have tokens on the Ethereum side which are going to be much more difficult to freeze or obstruct. The issue is that those Ethereum-side tokens you receive originally belonged to someone else, who was supplying liquidity to that BSC-Ethereum bridge the hacker used.
As a second note, this also effectively dampens the amount of value that can be extracted from a hack like this. After they deplete all of the existing liquidity that ties BSC to other chains, you can’t really get any more value off of BSC. At that point BSC becomes a bit of an island.
Conclusion
Bridges are sometimes hacked for large amounts of money. However, that is not to say all bridges are insecure. Bridge security is both extremely important and difficult to get right.
About Us
Zellic specializes in securing emerging technologies. Our security researchers have uncovered vulnerabilities in the most valuable targets, from Fortune 500s to DeFi giants.
Developers, founders, and investors trust our security assessments to ship quickly, confidently, and without critical vulnerabilities. With our background in real-world offensive security research, we find what others miss.
Contact us↗ for an audit that’s better than the rest. Real audits, not rubber stamps.