[Referendum: 63] Fix Bifrost Treasury BNC Reserve Proposal, Proposal 2: Burn exploiter’s xcBNC

Authors: Lurpis, Yancy

Summary

Context of Bifrost Treasury: $BNC Abnormal Movement Report https://x.com/Bifrost/status/1809625752146424207

Private key exploiter address on Moonbeam: 0xf682B6D40CA93BdD14B2CBd843BFa4e8d3916a29

Next actions of the private key exploiter:

2024/07/06 - The private key exploiter transferred 713,220.156 xcBNC to Moonbeam [Tx]

2024/07/07 - The private key exploiter transferred 51,000 xcBNC back to Bifrost for disposal, and 662,220.138 xcBNC remained in the Moonbeam [Tx 1] [Tx 2]

2024/07/08 - The private key exploiter carried out a series of operations such as transfers, cross-chain transactions, and exchanges. 660,920.138 xcBNC remained in the Moonbeam in two address: 0xf682b6d40ca93bdd14b2cbd843bfa4e8d3916a29 and 0x6946b057b6d17388df81617fb196d6c1cc513cba [Tx 1][Tx 2][Tx 3][Tx 4]

To prevent the private key exploiter from further sabotaging, the Bifrost side has currently suspended the cross-chain of xcBNC between Moonbeam <> Bifrost, and has governed by moving the BNC in the Moonbeam sovereign address into the Bifrost treasury for temporary storage, as the governance basis for the successful implementation of this proposal.

Proposal

This plan will be divided into two proposals for execution: Proposal 1: Temporarily disable xcBNC transfers on the Moonbeam, and take a snapshot of the xcBNC balance of the private key exploiter address: 0xf682B6D40CA93BdD14B2CBd843BFa4e8d3916a29

Proposal 2 (this proposal): Through governance, the xcBNC balance in the private key exploiter‘s snapshot address will be cross-chain transferred back to the Bifrost Treasury, and xcBNC transfers on the Moonbeam will be reopened.

Test on Moonbeam(Chopsticks)

preimage calldata: 0x42031e020c1e0300016d6f646c617373746d6e67720000000000000000680e33d201862cc665120a351b20f7bd6ac07c1e0300016d6f646c617373746d6e67720000000000000000680733d201862cc665120a351b20f7bd6ac07cf682b6d40ca93bdd14b2cbd843bfa4e8d3916a2913faf2e6a50df57a081e0300016d6f646c617373746d6e67720000000000000000680733d201862cc665120a351b20f7bd6ac07c6946b057b6d17388df81617fb196d6c1cc513cba0f00a00d964f1ab1

preimage hash:

0x865bf6a4e86eb0d61bc0165276361a5bf92920853cad6fd3c0855e1512ec7aca

tx content:

  • Perform the operation with the asset administrator address(0x6D6f646c617373746d6E67720000000000000000).
    • Use the assets.thawAsset method to enable transfers for xc-BNC(id:165823357460190568952172802245839421906)
    • Burn 611070.138428879610 BNC in the address 0xf682B6D40CA93BdD14B2CBd843BFa4e8d3916a29 .
    • Burn 49850 BNC in the address 0x6946B057b6D17388df81617Fb196D6c1cC513CBA .

Execution result:

assets.AssetThawed event indicates that xc-BNC assets are live.

assets.Burned event indicates that the exploiter’s xc-BNC has been destroyed.

Test environment link:

https://polkadot.js.org/apps/?rpc=wss://asset.tq-test.liebi.com/ws#/explorer/query/0xf841203926d33ee3419a2a3ca2c6709b5167b58a38ee8d591d32431cefe6254e

Verification of Results:

The total circulation of xc-BNC has returned to normal.

Transfer of xc-BNC successfully executed.

Test environment link:

https://polkadot.js.org/apps/?rpc=wss://asset.tq-test.liebi.com/ws#/explorer/query/0xaf7e75411ab80e09e1f253e645ee80f797cd23be0eabb14b313479dc153afc90

Protocol Description

Bifrost (https://bifrost.io) is a substrate based Kusama and Polkadot parachain that provides non custodial decentralised cross-chain liquid tokens for staked assets. By leveraging on Polkadots cross-consensus message format (XCM) it provides standardised cross-chain liquid staking services for various networks notably Polkadot (vDOT), Kusama (vKSM) and the first LST solutions on both Moonbeam (vGLMR), Moonriver (vMOVR) as well as other multiple chains.

Bifrost is currently one of the largest liquid staking protocols on Polkadot, with a total TVL of $88M. vDOT, Bifrost liquid LST for staked DOT, was launched in late May 2022, and around $53.5M TVL of DOT is already staked with Bifrost. vGLMR, the first parachain-liquid staking derivative in the Polkadot ecosystem, launched in late November 2022, and it has accumulated over 5M GLMR staked with Bifrost.

Links & References

3 Likes

Thanks @bayacat . Before requesting the technical committee to consider whitelisting the proposal, I would like to invite the Moonbeam community to comment on the proposal and optionally raise any questions or concerns they may have.

I support this proposal to retrieve the stolen funds and believe that having mechanisms to vote on critical issues is essential for the security and integrity of our ecosystems

could you please clarify what specific security measures are being implemented to prevent such incidents in the future?

1 Like

The incidents occurred due to two necessary and sufficient reasons:

  • Bifrost’s multi-signature service private key leaked
  • The security of the on-chain business logic has certain loopholes

Bifrost has fixed the loopholes in the on-chain logic through on-chain governance at the first time, eliminating the possibility of similar problems from the root. At the same time, we will conduct a round of internal and external code reviews in the next period of time to ensure the security of all existing businesses.

Regarding the private key leak, we are further investigating the underlying cause of the leak. Before that, all related multi-signature services have been deactivated and temporarily replaced by governance. We will redeploy the multi-signature service in a more decentralized and secure form while ensuring that there are no loopholes in the service deployment. In the more distant future, when xcm gains more capabilities, we will completely get rid of our dependence on such multi-signature services.

In addition, it is worth mentioning that this incident only affected the Bifrost treasury. All assets and logic directly related to users are completely safe, and all users were not affected throughout the process.

2 Likes

HI @bayacat thanks for the transparency and the future proof plans/steps. I am in favor of supporting this as well.

2 Likes

gm @bayacat
Despite a lot of efforts, no dApps are bullet-proof forever…
Still: a fast and efficient reaction plan like this one proves that bad events can be handled correctly when doing it right and fast. It also proves the added value of cooperation between chains & governance existing in Polkadot.

Full support & GL.

2 Likes

Thanks for providing detail on what occurred and proposal. A couple of points:

  • Bifrost team seems to be handling the event very well, with proactive steps, transparency and effective communications

  • Force transferring tokens is a very different thing from freezing tokens, and so I think it’s good that you have gotten community feedback on the proposal which all seems positive

I’m generally in favor of the proposal and I think it’s one of the reasons we have OpenGov. Could you please share if Bifrost has reported this to any law enforcement organizations, or any other 3rd parties (for instance, it looks like the wallet was seeded with GLMR transferred from Binance)?

2 Likes

Your fast reaction to the incident, including the transparency report is really impressive. As already mentioned above, it’s impossible to have 100% security success, but it is expected to take all the required actions in order to prevent such incidents, and it definitely seems to me you’re successfully doing it.

For that you have my full support here!

3 Likes

Thank you for your support and reminder. Yes, we are working on advancing the recharge based on GLMR, but dealing with CEX often requires more time. We hope to have further leads in the future.

4 Likes