It has been announced that the next step for BNB Chain will be to conduct on-chain governance votes. There will be a vote to freeze or burn funds held in the hacker’s address. After being halted for hours to investigate large bridge exploits, the BNB Chain is now up and running.
Unknown hacker took almost $560 million from BNB’s cross-chain bridge called BSC Token Hub. According to security firm SlowMist, the hacker stole more than $100 million in BNB and transferred it to other chains. Nearly \$430,000,000 in BNB tokens were held at the address of the perpetrator on BNB Chain.
Hackers used a security vulnerability to create “security proofs” that allowed them to withdraw the bridge’s funds. These proofs were required to verify any withdrawal requests made on the bridge.
The team stopped the blockchain and ordered all 44 validators, including 26 active validators, to cease operations in response to the exploit.
It was done to stop the hacker making further moves and to try to regain control of funds that were still on BNB Chain.
It was difficult as BNB Smart Chain currently has 26 validators and 44 total in different time zones. The team stated that although the closure was delayed, they were able to minimize the loss.
The BNB Chain has already prevented funds from being moved by the hacker. However, the project will hold a governance vote to formalize that decision and make the final call about what to do.
The team also stated in a blog post that they will hold on-chain governance voting to decide whether to freeze funds at the hacker’s address on BNB Chain or whether to “autoburn” the tokens.
BNB Chain’s governance will vote to announce a bounty for “catching hackers”, where 10% of the funds recovered would be given as a reward. It also announced plans for a white-hat bug bounty program, which would pay up to $1 million for every security bug discovered on the BNB network, as well as for the exploited bridge.