[Referendum: 62] Fix Bifrost Treasury BNC Reserve Proposal, Proposal 1: Temporarily disable xcBNC transfers on Moonbeam

Authors: Lurpis, Yancy


Context of Bifrost Treasury: $BNC Abnormal Movement Report https://x.com/Bifrost/status/1809625752146424207

Private key exploiter address on Moonbeam: 0xf682B6D40CA93BdD14B2CBd843BFa4e8d3916a29

Next actions of the private key exploiter:

2024/07/06 - The private key exploiter transferred 713,220.156 xcBNC to Moonbeam [Tx]

2024/07/07 - The private key exploiter transferred 51,000 xcBNC back to Bifrost for disposal, and 662,220.138 xcBNC remained in the Moonbeam [Tx 1] [Tx 2]

To prevent the private key exploiter from further sabotaging, the Bifrost side has currently suspended the cross-chain of xcBNC between Moonbeam <> Bifrost, and has governed by moving the BNC in the Moonbeam sovereign address into the Bifrost treasury for temporary storage, as the governance basis for the successful implementation of this proposal.


This plan will be divided into two proposals for execution: Proposal 1 (this proposal): Temporarily disable xcBNC transfers on the Moonbeam, and take a snapshot of the xcBNC balance of the private key exploiter address: 0xf682B6D40CA93BdD14B2CBd843BFa4e8d3916a29

Proposal 2: Through governance, the xcBNC balance in the private key exploiter‘s snapshot address will be cross-chain transferred back to the Bifrost Treasury, and xcBNC transfers on the Moonbeam will be reopened.

Test on Moonbeam(Chopsticks)

preimage calldata: 0x42031e0300016d6f646c617373746d6e67720000000000000000680d33d201862cc665120a351b20f7bd6ac07c

preimage hash:


tx content:

Use the assets.freezeAsset method to disable transfers for xc-BNC(id:165823357460190568952172802245839421906) as an administrator of BNC Asset(0x6D6f646c617373746d6E67720000000000000000).

Execution result:

assets.AssetFronzen event indicates that xc-BNC assets are frozen.

Test environment link: https://polkadot.js.org/apps/?rpc=wss://asset.tq-test.liebi.com/ws#/explorer/query/0xa1278b574c8ba112a1960[…]d2f0e5407cd22ca3bc455931f045858cc55493a

Verification of Results:

When attempting to execute a transfer with xc-BNC, the system reported a failure with the error message "AssetNotLive.” The xc-BNC transfer has been successfully disabled.

Test environment link: https://polkadot.js.org/apps/?rpc=wss://asset.tq-test.liebi.com/ws#/explorer/query/0x87c90aea022cf79c1903b[…]3217a5100cb49662aa40a1de36d56ba3ca18913

Protocol Description

Bifrost (https://bifrost.io) is a substrate based Kusama and Polkadot parachain that provides non custodial decentralised cross-chain liquid tokens for staked assets. By leveraging on Polkadots cross-consensus message format (XCM) it provides standardised cross-chain liquid staking services for various networks notably Polkadot (vDOT), Kusama (vKSM) and the first LST solutions on both Moonbeam (vGLMR), Moonriver (vMOVR) as well as other multiple chains.

Bifrost is currently one of the largest liquid staking protocols on Polkadot, with a total TVL of $88M. vDOT, Bifrost liquid LST for staked DOT, was launched in late May 2022, and around $53.5M TVL of DOT is already staked with Bifrost. vGLMR, the first parachain-liquid staking derivative in the Polkadot ecosystem, launched in late November 2022, and it has accumulated over 5M GLMR staked with Bifrost.

Links & References


Hi @bayacat thanks for the detailed post! I am in favor of supporting this. Curious on the level of impact to users post phase 1 and executing phase 2. Any idea?

Thank you for your support! After the first step is completed, users’ xc-BNC will be temporarily unable to transfer and interact. However, we will strive to complete the entire process within 1-2 days, which only involves 2 steps. Everything will return to normal after the second step of governance is completed.


We strongly support this action plan and we ask MB great community to do the same, Bifrost team is facing this incident with a strong commitment since the beginning aiming to restore / heal from the wounds received as soon as possible for the sake of their community… let’s show them how much great is Moonbeam when it comes to help friends!!!

1 Like

Thank you for your detailed report. I would like to stress the importance of demonstrating that there are solutions to this kind of situation. I fully support your proposals, which strengthen our confidence, and I am convinced that our governance will effectively protect our network against malicious individuals.