Alex bridge on BNB is drained of $4.3M after suspicious upgrade — CertiK

As a researcher with experience in blockchain security, I find the recent incident involving the Alex protocol bridge on the BNB network deeply concerning. According to reports, suspicious withdrawals totaling $4.3 million occurred just after the contract was suddenly upgraded by the protocol’s deployer account.


As a crypto investor, I closely monitor reports from reliable sources to stay informed about potential risks and developments in the market. Recently, CertiK, a renowned blockchain security platform, released a report on May 14, revealing that an unusual incident occurred with the Alex protocol bridge on the Binance Smart Chain (BNB) network. Shortly after the sudden upgrade of its contract, approximately $4.3 million in questionable transactions were detected. It is essential for us as investors to be aware of such occurrences to protect our investments and mitigate potential risks.

According to its website, Alex is a Bitcoin-based decentralized finance protocol that allows financial applications to be built directly on the Bitcoin blockchain. It uses bridges that enable asset transfers from other networks, such as Binance Smart Chain and Ethereum, to its own platform.

As a researcher, I’ve uncovered some intriguing findings while examining the blockchain data. The Alex deployer account executed five identical upgrades to the “Bridge Endpoint” contract on BNB Smart Chain, starting from 3:56 pm UTC. Following these upgrades, an approximate total of $4.3 million in assets were transferred out of the BNB Smart Chain network. These assets consisted of Binance-Pegged Bitcoin (BTC), USD Coin (USDC), and Sugar Kingdom Odyssey (SKO).

Because the upgrade was carried out using the protocol’s deployer account, CertiK has classified the incident as a potential private key compromise.

The upgrade changed the implementation address to one ending in 7058. The new implementation consists of unverified bytecode, so it is not human-readable.

Approximately 48 minutes after the upgrades began, the proxy address linked to the bridge contract called an unauthenticated function on an address ending in “4848E”. As a result, around $1.08 million in BTC (16 BTC), 2.7 million SKO ($75,000), and approximately $3.3 million in USDC stablecoin were transferred to the address labeled “484E” at 4:44 pm.
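The sequence described above (repeated upgrades of a proxy to an unverified implementation, followed by large outflows) can be expressed as a monitoring rule. The following is an added example, not code from CertiK or the Alex project; the event records, placeholder names, time spacing between upgrades, and thresholds are all assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events mirroring the reported timeline. Names are placeholders,
# not real addresses; the spacing between the five upgrades is invented.
def up(ts, proxy, impl):
    return {"ts": ts, "kind": "upgrade", "proxy": proxy, "impl": impl}

def tx(ts, src, usd):
    return {"ts": ts, "kind": "transfer", "src": src, "usd": usd}

EVENTS = [up(f"2024-05-14T{t}", "BRIDGE_PROXY", "IMPL_UNVERIFIED")
          for t in ("15:56", "15:58", "16:00", "16:02", "16:04")] + [
    up("2024-05-14T16:10", "OTHER_PROXY", "IMPL_AUDITED"),  # benign control case
    tx("2024-05-14T16:30", "OTHER_PROXY", 500_000),
    tx("2024-05-14T16:44", "BRIDGE_PROXY", 1_080_000),      # BTC leg
    tx("2024-05-14T16:44", "BRIDGE_PROXY", 75_000),         # SKO leg, below threshold
    tx("2024-05-14T16:44", "BRIDGE_PROXY", 3_300_000),      # USDC leg
]
VERIFIED = {"IMPL_AUDITED"}  # assumption: implementations with verified source

def find_alerts(events, verified, window=timedelta(hours=2),
                min_usd=100_000, burst=3):
    """Return (rule, proxy, timestamp) tuples in chronological order."""
    alerts, upgrades, flagged = [], {}, set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(ev["ts"])
        if ev["kind"] == "upgrade":
            seen = upgrades.setdefault(ev["proxy"], [])
            seen.append((t, ev["impl"]))
            key = (ev["proxy"], ev["impl"])
            # Rule 1: proxy now points at code nobody can review (alert once).
            if ev["impl"] not in verified and key not in flagged:
                flagged.add(key)
                alerts.append(("unverified_impl", ev["proxy"], ev["ts"]))
            # Rule 2: several upgrades in a short span; fires when the count is reached.
            if sum(1 for u in seen if t - u[0] <= window) == burst:
                alerts.append(("upgrade_burst", ev["proxy"], ev["ts"]))
        elif ev["kind"] == "transfer" and ev["usd"] >= min_usd:
            # Rule 3: large outflow soon after an upgrade to unverified code.
            if any(t - u[0] <= window and u[1] not in verified
                   for u in upgrades.get(ev["src"], [])):
                alerts.append(("outflow_after_upgrade", ev["src"], ev["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(EVENTS, VERIFIED):
        print(alert)
```

On this sample the first alert fires at the initial upgrade, about 48 minutes before the outflows, which is the window in which a pause or key rotation would have had to happen.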

As an analyst, I’ve noticed some concerning activity that warrants further investigation. At approximately 5:41 pm, following a questionable upgrade on BNB Smart Chain at around the same time, a similar sequence of upgrades took place on Ethereum. In this instance, the deployer updated the “artist address” to an unverified contract. Shortly after, an account with the ending “05ed” attempted to withdraw funds from the “team address.” However, these attempts were unsuccessful and resulted in a “not owner” error. It’s important to note that the attacker might be attempting similar actions on other networks as well.

Before May 10, there was no record of activity for the 05ed account. On May 10, an unconfirmed transaction occurred, leading to the creation of one contract. Two additional contracts were formed on May 14, raising suspicion that this account might be managed by a malicious user.

At the time of publication, the Alex team had not yet confirmed the vulnerability or commented on the incident.

In May, the Alex bridge wasn’t the only system to encounter a potential threat. On the 13th, it was reported that the decentralized exchange Equalizer suffered a loss of over 2,000 of its own tokens. The attacker had managed to steal them gradually over several days. Additionally, on May 6, Gnus.ai experienced a hack resulting in losses amounting to $1.27 million.

2024-05-14 23:47