Hackers Drain $570 Million from World's Largest Cryptocurrency Exchange, by Exploiting a Known Structural Flaw in the Prevailing Blockchain Architecture
The world’s largest cryptocurrency exchange, Binance, temporarily ceased operations after a successful cyber attack that exploited a known structural blockchain flaw. The attack hit Binance on October 6th, and the hacker was able to both create and divert a speculated sum of more than 2 million BNB tokens. The incident is still being investigated and remediated, and it continues to develop, resulting in conflicting reports that put the aggregate loss between $100 million and $574 million. The nature of this attack and Binance’s actions present timely and meaningful lessons for the crypto community at large.
What You Need to Know
- This attack targeted Binance’s cross-chain bridge, which is essentially a link between two autonomous and separate blockchains that are otherwise not interoperable. As the crypto exchange landscape sprawls into competing exchanges, cross-chain bridges are not going away any time soon.
- These cross-chain bridge exploits have become the “attack du jour” in the crypto community, and this particular hack is the latest, and possibly the largest, in a series of similar hacks, all exploiting vulnerabilities found in cross-chain bridges.
- This exploit allowed the hackers to actually create new fraudulent BNB tokens out of thin air, creating an ideal subterfuge to divert a reported 2 million BNB tokens, some of which appear to have been sent to a dead wallet.
- Several things remain unclear, including which of the actual BNB coins were authentic vs. counterfeit, and what amounts have been absconded with, frozen and/or are still recoverable.
- Binance acted quickly and decisively, successfully directing its validators (the parties that provide the “decentralized” approval of blockchain transactions) to temporarily suspend any approval activity on the chain, and was therefore able to stop the bleeding in a reasonably effective manner.
- Binance is introducing new security measures that would combat future attacks.
- The crypto industry has been a hotbed for high-yield hacks, resulting in $2 billion in losses across 13 attacks in 2022 alone.
- Cybersecurity Risk Pervades Everywhere. No industry, technology, infrastructure, or community is impervious to cybersecurity risk. As the blockchain and cryptocurrency markets mature and evolve, so too will the cyber threats that seem to be forever looming.
- The Utility of Risk Assessments is Universal. Here, amid complicated facts, the song remains fundamentally the same: the hackers began this attack by finding a vulnerability, tied to a bug in the smart contract, that allowed them to forge transactions. As the underlying technologies, workflows, and practices continue to change, conducting periodic risk assessments remains the safeguard for identifying and understanding these future gaps and vulnerabilities as they emerge.
- Incident Response Can Save The Day. Here, in the face of a new and potentially damaging exploit, Binance presumably followed its incident response plan by swiftly reaching out to its validators, which limited the extent of the coins affected. In terms of liability, the breach in and of itself is not unlawful or actionable in a vacuum, as liability is always determined by looking at the full set of facts, including whether Binance acted reasonably and swiftly. Having a thoughtful Incident Response Plan that is routinely reviewed and tested (via tabletop exercises) can really be the silver bullet, not in terms of preventing the attack but certainly in terms of preventing or ameliorating the damage and liability that any such attack might inflict.
The Align Team