BNB Chain governance will determine the fate of compromised money
The BNB Chain is back up after being shut down for many hours to investigate a massive bridge exploit.
On Thursday, an unidentified hacker stole about $560 million in BNB from the BSC Token Hub cross-chain bridge. According to the security company SlowMist, the hacker moved more than $100 million to other chains. Almost $430 million in BNB tokens were stored at the offender’s BNB Chain address.
The hacker exploited a security flaw to generate “security proofs” that permitted the withdrawal of the bridge’s locked funds. All withdrawal requests on the bridge required these proofs for verification.
In reaction to the vulnerability, the team ordered the blockchain’s 44 validators (including 26 active validators) to cease operations. This was done in an attempt to prevent the hacker from taking any further action and to regain control of the funds that remained on BNB Chain, the company said in a blog post published today.
While the BNB Chain has already halted the transfer of funds from the hacker’s wallet, a governance vote will be conducted to formalize the decision and make a final determination about what to do with those funds.
The team said in the same blog post that it would conduct on-chain governance votes to determine whether to freeze the funds in the hacker’s BNB Chain address and whether to “auto-burn” the tokens.
In addition, BNB Chain’s governance will decide on publishing a bounty for “capturing hackers” that would pay out 10% of recovered assets. Last but not least, it revealed plans for a white-hat bug bounty scheme that would pay up to $1 million for any security flaw discovered on the BNB network, including the compromised bridge.