BitBNS Exchange Hacked for $8 Million, Incident Initially Concealed
Summary
On February 1, 2022, BitBNS, an Indian crypto exchange, fell victim to a hacking incident resulting in the loss of $8 million. The exploit was made possible through a vulnerability in their AWS (Amazon Web Services) cloud storage, allowing the attacker to access the exchange’s private keys and steal funds. BitBNS initially attempted to hide the breach from users by tweeting about “system maintenance in progress.” The CEO later admitted to concealing the incident, stating that the decision was made following law enforcement advice.
Attackers
The identity of the attacker remains unknown. The following addresses were involved:
Losses
The total loss is $8,068,660 across the Ethereum, BSC and Polygon chains. It is reported that some of the funds were recovered, but the exact amount has not been specified.
Funds lost by chain:
- Ethereum: 2,430 ETH, worth $6,780,064
- BSC: 1,785 BNB, worth $685,939
- Polygon: 365,247 MATIC, worth $602,657
Timeline
- February 1, 2022, 01:42 AM UTC: The first malicious transaction was executed on the Ethereum chain with $2m worth of ETH
- February 1, 2022, 03:00 AM UTC: A malicious transaction on Binance Smart Chain was executed
- February 1, 2022, 03:05 AM UTC: A malicious transaction on Polygon was executed
- February 1, 2022, 05:30 PM UTC: Stolen funds were laundered via TornadoCash
- February 1, 2022, 10:22 AM UTC: The platform was suspended. BitBNS tweeted about system maintenance and said it was working with AWS to resolve an issue.
- February 28, 2023, 08:25 PM UTC: Independent crypto sleuth ZachXBT posted a tweet calling out BitBNS and mentioning its attempt to hide an incident from its users
- March 1, 2023, 00:40 PM UTC: The CEO of BitBNS, Gaurav Dahake, admitted to the breach during an AMA session and stated that it coincided with the system maintenance and the upgrade to V3.
Security Failure Causes
Infrastructure Vulnerability: The exploit occurred due to a vulnerability in BitBNS’s AWS cloud storage, leading to unauthorized access to the exchange’s private keys.