On Oct 7, Beosin EagleEye monitored that BNB Chain’s cross-chain bridge BSC Token Hub was exploited for about $850 million, including $710 million on BSC and $143 million of bridged assets.

Attack Flow

BSC Token Hub uses a special pre-compiled contract for validating IAVL trees when performing cross-chain transaction verification. There is a bug in its implementation which may allow an attacker to forge arbitrary messages.

1. The attacker first picks the hash of a successfully submitted block (specified block: 110217401).

2. Then construct an attack payload as a leaf node to verify IAVL tree.

3. Add an arbitrary new leaf node to the IAVL tree.

4. At the same time, add a blank internal node to satisfy the implementation proof.

5. Adjust the leaf node added in step 3 so that the computed root hash is equal to the correct root hash selected in step 1 for a successful commit.

6. Finally construct the withdrawal proof for that particular block (110217401).

Vulnerability

In the branch where len(pin.Left) is not 0, the hash calculation does not use the pin.Right data. The hacker uses this vulnerability to construct data and add proof.LeftPath[1].Right data, but this data is not involved in the hash calculation.

The current version has fixed.

Fund Trace

Using Beosin Trace — a crypto investigation and compliance tool, Beosin security team found that BSC Token Hub exploiter had bridged about $143.57M of the stolen funds to other chains (including lending). About $77.39M were bridged to Ethereum, ~$58.96M to Fantom (including gUSDT), ~$17.2M to Avalanche, ~$4M to Arbitrum, ~$400K to Polygon and ~$1.1M to Optimism.

Trace Map from Beosin Trace

Trace Map from Beosin Trace

Trace Map from Beosin Trace

Funding statistics from Beosin Security Team

BNB Chain Back Online

BNB Smart Chain (BSC) resumed operations at around 06:40 Coordinated Universal Time (UTC). Beosin security team find that the current BSC node blocks the flow of stolen funds and potential attacks by blacklisting and suspending the iavlMerkleProofValidate feature.

Cross-chain Bridge Security

Cross-chain bridges are usually projects with large amount of assets. The more code volume is, the more likely that some combinations of multiple vulnerabilities may occur. A high-risk point of cross-chain bridge is the off-chain security, because the on-chain and off-chain codes are generally audited separately, and off-chain security is usually guaranteed by the project itself, resulting in many vulnerabilities to be ignored.

Previous cross-chain bridge attacks are mainly from off-chain vulnerabilities or private key compromise. This time the exploit is through the construction of a specific root hash to construct a specific block of withdrawal proof. The attack is more sophisticated, and the amount is also higher than in the past. This incident also reminds us that vulnerabilities are often found in places we don’t expect, so the only thing is to keep improving the security of the project and discover these bugs earlier than those malicious actors.

For more cross-chain bridge related articles, please check our website at https://beosin.com/resources/

Contact

If you have need any blockchain security services, please contact us:

Website Email Official Twitter Alert Telegram LinkedIn