Binance Bridge hack perspectives, a documentation hub for your DAO and much more!
Thank you for being a part of the Cypherock family. Come rain, hail or storm, we are heads-down building the best possible product to keep your digital assets safe.
Over the next 8-10 minutes, we will be talking about hacks that caught our eye, DApps that we found interesting and our picks from Twitter and Reddit that we enjoyed.
If you loved the newsletter, message us! If you hated the newsletter, message us! We’re always looking for fresh perspectives on things to cover and feedback to make your experience better!
Have an awesome week ahead!
What we’re covering this week
- The details behind the Binance Bridge hack 🆘
- CharmVerse: The documentation hub for your DAO 📃
- The future of NFTs with the rise of 0% royalties
- The biggest scammers in crypto 2022 ☠️
- Updates from Cypherock 🔥
On Oct. 7, Binance Bridge was hacked and the attacker managed to spoof the bridge into giving him 1,000,000 BNB twice, for a net dollar value of ~$570M. The hack was carried out when the attacker was able to forge a proof that would essentially allow the bridge to do whatever the attacker wanted it to do. To understand what happened here, we must first understand the Binance architecture. Binance has two chains: the older blockchain, now called the Beacon Chain, and the newly implemented Binance Smart Chain (BSC), which essentially works like Ethereum's EVM. Both chains use BNB as the main token, and funds can be moved across blockchains using the Binance Bridge. On the BSC side, the bridge requires a proof that funds have been withdrawn from the old Beacon Chain before it validates a transaction. The attacker took advantage of a bug that made it possible to spoof a proof on the BSC blockchain, which led the bridge to mint BNB out of thin air, after which the attackers started converting the newly minted BNB into various tokens to get the money away.
After the attack, Binance immediately took action to halt the BSC blockchain by working with the 26 validators of the Binance network, out of which 19 were able to come together and stop the attacker from getting away. The net result was that the attacker was only able to move $70-80M off of the halted BSC blockchain. But the larger question concerns the speed with which the Binance network was able to halt the entire blockchain. Harkening back to the DAO hack on the Ethereum network in 2016, the Ethereum community eventually settled on creating a hard fork of the network, which came after much debate and consensus from the entire network of Ethereum participants. The point here is that the Ethereum network could not act unilaterally, as happened in Binance’s case. The ability to quickly coordinate Binance validators calls into question how decentralized the network really is.
Finally, there is the message the Binance Bridge exploiters left within their transaction. The attackers left a note stating the following:
“I don’t believe you because you are not sincere. I only exploited eth and bsc chains. If I attack other chains like FTM, TRON, POLYGON, I believe I can get $100 million. With reference to past Nomad and Wintermute events, I should get a higher bounty than what I get now. It’s hard not to suspect that this is your official backdoor, and you should be happy that the exploit was done by me and no one else.”
What would you classify this attack as: a criminal activity, or simply an effective way to expose a vulnerability in an open system?
CharmVerse is a place for community contributors to coordinate day-to-day work, sign in with crypto wallets, and unlock workspaces with DAO tokens/NFTs. CharmVerse’s main proposition is the ability to turn any task into a bounty. Workspace managers can pay out bounties in ETH, custom tokens or USDC. Additionally, CharmVerse can provide token-gated access to individual wallets, NFTs, groups of token/NFT holders, DAO members or POAP collectors. Workspace admins can create roles specific to the asset that an individual holds in their wallet and provide access to specific segments within the workspace. DAOs and venture clubs could use CharmVerse to provide deal-specific memos or updates to those who have invested in a particular deal; the same goes for content creators wanting to engage their community.
Who was Satoshi Nakamoto? Here’s some more information on the everlasting debate in crypto.
2022 has been an explosive year in terms of scams and hacks. Scams have been so prominent that Reddit has taken to discussing who the biggest scammer of 2022 is. Check out the discussion and cast your vote for who you think the worst scammer of 2022 in crypto is.
Updates from Cypherock
NEAR is now supported on Cypherock X1. You will now be able to send and receive NEAR tokens with your Cypherock X1 wallet. Additionally, you can create your custom .near account from within CySync. More details on updates and features to follow!
Is Your Crypto Safe? Take the Cypherock Quiz and find out!
Will your crypto get hacked? Are you going to lose your crypto? Cypherock has come up with a detailed quiz that will help you understand the pros and cons of your security model. Upon completion, you will get a detailed analysis mailed to you. Take the quiz now!
Here’s some alpha 🚀
Security is our utmost concern. We want to keep your crypto safe and give you the best possible experience interacting with the web3 ecosystem. Because we like you, we want you to make money too!
Cypherock recently launched an affiliate program. You receive a unique code by either signing up on our website, or by purchasing a Cypherock X1. Through your code, your referrals receive 10% off on their purchase and you make $25 per sale!
Have questions regarding our product or the affiliate program? Our Growth Lead loves chatting with people. Hit him up here.