In a long blog post released sequel to the theft, Binance management explained that the hackers exploited the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as “BSC Token Hub.”
Therefore, were able to move a total of 2 million BNB. The leading exchange platform claimed the exploit was carried out by a sophisticated forging of the low-level proof into one common library.
However, despite the fact that it runs a decentralised blockchain developed to run without external interference, it was able to contain the situation by contacting 26 BNB Smart Chain active validators out of the 44 spread in various time zones.
While this delayed the company’s efficiency in arresting the situation, it was able to minimize losses, Investors King understands. Binance reported that only BNB coins valued at $100 million were transferred to hackers’ wallets.
“Decentralized chains are not designed to be stopped, but by contacting community validators one by one, we were able to stop the incident from spreading. It was not that easy as BNB Smart Chain has 26 active validators at present and 44 in total in different time zones. This delayed closure, but we were able to minimize the loss,” Binance said.
Therefore, in an effort to avoid a similar situation going forward, Binance has announced two key changes; to start compensating white hat hackers that helped identified loopholes that can be exploited by criminals like other top exchange platforms like Coinbase.
It would be recalled that Investors King reported that the Aurora platform paid two white hat hackers $2 million for helping to identify what could have been a disaster for the organisation.
Binance will start paying $1 million per bug once its on-chain governance votes.
Also, the company plans to pay as much as 10% of the recovered funds as a bounty to those that helped in catching criminal hackers.
Moving forward Binance said “Looking at the broader picture, we have seen a series of attacks on targeting vulnerabilities in cross-chain bridges. We will openly share the details of the postmortem and all lessons on how to implement more advanced security measures to shore-up these vulnerabilities.
