The BNB Chain is now back up and running after it was halted for several hours to investigate a large bridge exploit.
On Thursday, an unknown hacker seized almost $560 million in BNB from the network’s cross-chain bridge, called BSC Token Hub. Of this amount, the hacker transferred more than $100 million to other chains, according to security firm SlowMist. Almost $430 million in BNB tokens was held in the perpetrator’s address on BNB Chain.
The hacker took advantage of a security bug to forge “security proofs” that enabled the ability to withdraw the bridge’s locked funds. These proofs were needed to verify all withdrawal requests on the bridge.
In response to the exploit, the team halted the blockchain, ordering all of its 44 validators (including 26 active validators) to stop operations. This was done in an effort to prevent the hacker from making any further moves and try to take back control of funds that remained on BNB Chain, it noted in a blog update today.
“It was not that easy as BNB Smart Chain has 26 active validators at present and 44 in total in different time zones. This delayed closure, but we were able to minimize the loss,” the team said.
While the BNB Chain has already stopped funds held in the hacker’s wallet from being moved, the project will conduct a governance vote to formalize the decision and make a final call on what to do with those funds.
In the same blog post, the team said that it will conduct on-chain governance votes to decide whether to freeze funds in the hacker’s address on BNB Chain and whether to “auto-burn” the tokens.
Furthermore, BNB Chain’s governance will vote on announcing a bounty for “catching hackers” where 10% of recovered funds would be granted as a reward. Finally, it aired plans for a white hat bug bounty program that would pay up to $1 million for each security bug found on BNB network, including the exploited bridge.
Source : theblock