Tag Archives: Exploit

Binance Smart Chain Halts After $100M Crypto Theft!

Binance just shut down its blockchain, after getting hacked and losing over $100 million in crypto coins!

The shutdown prevented an even bigger loss of $566 million, but it defeated a key purpose of the blockchain – decentralisation.

 

Binance Smart Chain Halts After $100M Crypto Theft!

On Thursday, 6 October 2022, Binance Smart Chain was hit by a hacker who targeted 2 million Binance coins (BNB) worth $566 million.

The attack appeared to have started at around 2:30 PM EST, with the attacker’s wallet receiving two transactions of 1 million BNB coins.

Soon after that, the hacker tried to liquidate the BNB coins into other assets, by using a variety of liquidity pools.

Binance acknowledged the security incident several hours later, at 6:19 PM, and halted the BNB Smart Chain.

AT 7:51 PM EST, Binance CEO Changpeng “CZ” Zhao confirmed that an exploit was used in the BSC Token Hub to transfer the BNB coins to the attacker, and that they asked all validators to temporarily suspend the Binance Smart Chain. He also claimed that the funds are safe.

An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.

 

Binance Smart Chain Almost Lost $566 Million!

The majority of the 2 million BNB coins worth $566 million remained on the BNB Smart Chain, and was made inaccessible to the hacker, after BSC was shut down.

This is rather ironic since blockchains like BSC are supposed to be decentralised, and not meant to be so easily turned off – a fact BNB Chain acknowledged.

Decentralized chains are not designed to be stopped, but by contacting community validators one by one, we were able to stop the incident from spreading. It was not that easy as BNB Smart Chain has 26 active validators at present and 44 in total in different time zones. This delayed closure, but we were able to minimize the loss.

Even so, a BNB Chain spokesperson later confirmed that about $100 to $110 million in funds were taken off the Binance Smart Chain, and CZ said that the impact was about a quarter of the last BNB burn.

Of the funds taken off-chain, BNB Chain was able to freeze about $7 million with help from their partners in the cryptocurrency community.

So far, about $2 billion has been lost in crypto hacks in 2022, with cross-chain bridges used to transfer tokens across blockchains a popular target.

BNB Chain said that it would introduce a new on-chain governance mechanism to fight and defend against future possible attacks.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Money | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Clock Share Bug In iOS Allows Access To Data

While proving the SoFlo iPhone unlocking hoax, we stumbled upon a security bug in iOS 9.2.1. This security bug can be used to bypass the iOS device’s passcode or Touch ID. But it has to be done in a very specific way.

 

How To Exploit This Bug In iOS

Here is how you can exploit the bug in iOS 9.2.1 to gain access to every photo, video and contact stored in the iOS device, whether it is an iPhone, an iPad or an iPod touch.

  1. Log into the iOS device using the passcode / Touch ID.
  2. Open the Clock app and go to World Clock, and add a new Clock.
  3. Type a random word in the Search bar.
  4. Select the random word and tap to Share as a Message.

  1. Once the New Message screen opens, turn off the iOS device.
  2. Call Siri (without logging in using Touch ID / passcode) and ask for the time
  3. Click on the Clock after Siri tells you the time.
  4. Siri will not open up the World Clock, but will take you straight into New Message.
  5. Now add a random word to “To:” bar, and press Return.
  6. Double tap on the random word (now green in colour). It will bring you to the Info screen.
  7. Tap on Create New Contact.
  8. Tap on Add Photo. This will allow you to access the Photos app and EVERY photo and video in the iOS device.
  9. You can also tap on Add to Existing Contact to access the entire Contact List.
[adrotate banner=”5″]

 

Don’t Worry… Too Much

As you can tell by now, this security bug is very hard for a hacker to exploit. It requires prior access to the iOS device to “set up” the exploit.

The hacker will have to trick the owner into granting access to the iOS device. Then the hacker can follow the steps above up to no. 5. This will allow the hacker to exploit the bug (at a later time) to gain access to the iOS device’s photos, videos and contacts.

While this is a remote possibility, we nevertheless reported the security bug to Apple :

We then tested to see if the exploit would work on iOS 9.3 beta, and discovered something interesting.

It appears that Apple finally decided that it was superfluous to offer a Share option in the Clock app. How is that functionality useful to the user? It’s practically useless. So they removed the Share option completely.

In other words, even if you are logged into the iOS device, you can no longer go to the Clock app, key in a random word and Share it. The option is gone. As far as we can tell, it was gone as early as iOS 9.3 beta 5. We confirmed this in iOS 9.3 beta 6 as well (naturally).

So don’t worry too much. The coming iOS 9.3 update will fix this security bug in iOS 9.2.1 once and for all. In the meantime, just be careful who you lend your iOS device to!

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participate in the Tech ARP Forums, or even donate to our fund. Any help you can render is greatly appreciated!