Banco de Brasília (BRB), Binance’s blockchain, and Sovryn, a Bitcoin-based DeFi protocol, have been attacked by cybercriminals.
Cybercriminals attacked Banco de Brasília, Latin America’s largest bank. The attack involved the LockBit ransomware, which blocked the BRB database. The Crydat hackers demanded 50 BTC (~$1 million) as a reward, threatening to publish confidential data of the bank’s clients. This is reported by Tecmundo. The bank representatives didn’t comment on the situation yet.
Meanwhile, Sovryn, a Bitcoin-based decentralized lending protocol, was attacked. The hackers exploited a vulnerability in the code of the project’s lending pools operating on Rootstock, which ensures the protocol’s interaction with the Bitcoin network. The attack caused a total loss of ~$1.1 million in RBTC and USDT. Sovryn developers reported this on their blog.
However, the biggest attack was on BSC Token Hub, Binance’s internal cross-chain bridge. The hack was confirmed on Reddit by one of the BNB Chain developers. It became known that hackers managed to withdraw digital assets worth over $100 million.
Binance developers promptly responded to the incident, briefly stopped the operation of BNB Chain, eliminated critical vulnerabilities in the code, and conducted a hard fork. Then the network recovered its work. Analysts at DeBank found that over $544 million in stolen funds remain at the hackers’ addresses, about 80% of which were blocked in the BNB Chain network.
The anonymous analyst Paradigm, known as samczsun, conducted an independent investigation and found that the hackers were able to exploit a critical vulnerability in the BSC Token Hub code and performed a double-spending attack.
SlowMist experts revealed that the attack was financed from ChangeNOW’s addresses. The hackers used the stolen 0.9 million BNB to open over-collateralized positions worth $147 million in BUSD, USDT, and USDC in the DeFi protocol Venus. Venus representatives reacted to the situation, stating that the protocol wasn’t subject to an exploit and that user funds were safe. The hackers will now either repay the loan or disappear with the borrowed assets, and their positions will eventually be liquidated.
Recall that hackers have stolen over $6.77 billion from DeFi protocol accounts in the past two years. In 2022, the attack on the Ronin sidechain remains the biggest one — at the end of March, the hackers withdrew more than $625 million in crypto.