Bifrost Private Key Treasury Theft
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
The BiFrost protocol provides a way that stakable tokens can be converted into vToken assets, which are able to earn staking rewards while also being used continuously in different protocols. On July 6th, an individual was able to get ahold of a private key by compromising a server. This private key was intended to be part of a 3 of 5 multi-sig, however the signature was actually not validated properly. The key allowed a call for reimbursing up to 100 BNC in fees from the treasury, however there was no limit on the number of times this function could be called. Calling this function repeatedly allowed the attacker to drain 6.6m BNC to their own wallet. Roughly half of the funds (3,280,099 BNC) were able to be bridged to other blockchains before the attacker was caught and the remaining funds frozen. The Bifrost team have been chasing down the remaining funds and made efforts to reimburse everyone who was affected.[1][2][3][4][5][6][7][8][9][10][11][12][13]
About Bifrost Protocol
"One Stake, Endless Opportunities. The Liquid Staking Standard for Any Chain."
"Bifrost is a Liquid Staking app-chain tailored for all blockchains, utilizing decentralized cross-chain interoperability to empower users to earn staking rewards and DeFi yields with flexibility, liquidity, and high security across multiple chains."
"Bifrost's solution vToken (liquid staking voucher Token) enables users to convert their PoS tokens into vTokens in order to obtain staking liquidity and staking rewards synchronously, without barriers in cross-chain scenarios."
"Mint vToken on Bifrost (equals stake through Bifrost), you can control your underlying staking assets during the locked period."
"Bifrost Staking protocols run under the Bifrost parachain pallets, earning staking rewards every era, without centralized risks."
"Bifrost SLP helps users to realize the possibility of early redemption by matching the real-time staking quantity with the redemption quantity at the protocol layer in the form of a queue. Theoretically, it can achieve faster redemption."
"Bifrost offers delegate staking for users by selecting a set of validators and rebalancing the rewards to give more profitable solutions. By holding vTokens, you will have chances to head into a world of yield scenarios."
"The easiest way to understand Bifrost is to see it as a derivative issuer that provides liquidity for all pledged assets, issuing corresponding shadow assets during the bonding period of the original assets. At the same time, the shadow asset is a fungible Token that can be circulated in different DEXs, pools, protocols and across chains."
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| July 6th, 2024 4:57:48 AM MDT | Crosschain Fund Transfer | Some funds from the theft/exploit are transfered cross-chain to the Moonbeam protocol. |
| July 6th, 2024 10:29:00 AM MDT | Official Statement Released | The Bifrost team releases an official statement about the issue, including the amount impacted and their steps forward. |
| July 6th, 2024 11:07:00 AM MDT | Resolved Within Five Hours | Birfrost co-founder reposts the information from the Bifrost team, and announces that the issue has been resolved within 5 hours. |
| July 6th, 2024 4:17:00 PM MDT | Clarification Post | The Bifrost co-founder posts a clarification that the protocol itself is decentralized and keyless, but that these were developer functions for development, and there was a problem where the number of times functions could be called was not restricted. They are looking to review the functions to improve this in the future. |
Technical Details
"Due to the exploitation of the multi-signature script private key used for automatic replenishment of BNC transaction fees (the cause of the private key leak is still under investigation), the compromised key allowed the transfer of 100 BNC from the treasury each time it was triggered. A total of 6,631,252 BNC from the Bifrost treasury was transferred to a private address."
"After a thorough technical investigation, it was discovered that the leakage of a single private key resulted from the hacking of the script server. But the following 4 factors jointly led to the incident: The script is limited to replenishing a maximum of 100 BNC in fees per call, however there is no limit on the call frequency. Batch calls to the script will invalidate the 100 BNC limit. The transaction fee is supplemented by the Bifrost Treasury, which indirectly allows exploiter’s private key to access large amounts of BNC. The script requires 3/5 multi-party signatures to be called, but the signature content is not verified during the automated multi-signature, making the multi-signature useless. The script private key is stored in plain text on the server through the configuration file, which causes the private key to be leaked after the server is compromised."
"There are some points I want to clarify. The Bifrost treasury is decentralized and keyless, but it is programmable. It is not common for someone who seems to be very familiar with Bifrost to obtain the multi-signature private key of the script and exploit specific methods.
This type of script can only have specific permissions on the protocol's own assets, but here we do lack restrictions on the call frequency and call limit for this script, we need comprehensively reviewing various scripts and optimizing them."
"Throughout this process, Bifrost on-chain code and the security of its assets were unaffected. The Bifrost chain has undergone multiple rounds of audits and is secure, robust and battle-tested. For example, the SLP protocol is fully decentralized and keyless, so SLP has no connection with the incident here.
However, the security of the off-chain script code was overlooked, and the deployment process was not strictly monitored and controlled. Although the Bifrost Treasury is decentralized and has no private key, the lack of call limits restrictions on the script caused the Bifrost Treasury's own BNC to be threatened."
Total Amount Lost
"A total of 6,631,252 BNC from the Bifrost treasury was transferred to a private address."
"During this process, 3,351,153 BNC have been successfully returned to the treasury through governance interception, and another 3,280,099 BNC have been exchanged for DOT or cross-chained."
6,631,252 BNC x 0.227351173 = 1507622.920658596 or 1508k
The total amount lost has been estimated at $1,508,000 USD.
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
"Next, we will comprehensively review the security of relevant off-chain scripts and private keys to ensure the security of the protocol's own assets. All paused transfer/cross-chain features have now resumed normally."
"The $BNC that the exploiter moved to @MoonbeamNetwork is being processed for recovery to the @Bifrost treasury through https://moonbeam.polkassembly.network/referenda/62."
"As of now, the impact of this incident on the Bifrost treasury has been completely eliminated, and no new circulation of $BNC from this incident can enter the market."
Total Amount Recovered
3,351,153 BNC+ recovered x 0.227351173 = 761888.565452469 or 762k
"To compensate for this loss, the Bifrost core team has added 3,280,099 BNC self-held shares to the treasury. Currently, the Bifrost treasury has returned to its original holding level, holding a total of 22,888,508 BNC (Bifrost Kusama & Polkadot)."
"Finally, the Bifrost Treasury will use 10,000 DOT to buy back $BNC through Hydration DCA."
The total amount recovered has been estimated at $762,000 USD.
Ongoing Developments
"We are still investigating and will pursue personal legal liability for the private theft key. It is worth emphasizing that this incident does not involve the security of Bifrost's on-chain assets and code."
"Therefore, we need to prevent such incidents from happening in the future in the following ways: Comprehensively review off-chain code, permissions, and interactions between off-chain and on-chain. As well as reduce off-chain services, and migrate logic to the chain where permitted, and re-audit permission constraints for off-chain services that cannot be removed. Avoid using addresses with large amounts of BNC, such as the Bifrost Treasury, as a source of automatic expenditure replenishment for fees, etc., and replenish through external addresses with lower balances and top-up mechanisms. The server's private key is encrypted and stored to prevent plain text transmission. The signature content is verified during automatic multi-signature to prevent ineffective multi-signature. Extend monitoring and alerting services to off-chain scripts"
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ @0xLurpis Twitter (Accessed Jul 10, 2024)
- ↑ @Bifrost Twitter (Accessed Jul 10, 2024)
- ↑ https://bifrost.subscan.io/account/eCSrvbA5gGNYdM3UjBNxcBNBqGxtz3SEEfydKragtL4pJ4F (Accessed Jul 10, 2024)
- ↑ https://bifrost-kusama.subscan.io/account/eCSrvbA5gGNYdM3UjBNxcBNBqGxtz3SEEfydKragtL4pJ4F (Accessed Jul 10, 2024)
- ↑ Bifrost | The Liquid Staking Standard for Any Chain (Accessed Jul 10, 2024)
- ↑ What is Bifrost | Bifrost Docs (Accessed Jul 10, 2024)
- ↑ bifrost.io | Twitter | Linktree (Accessed Jul 10, 2024)
- ↑ @Bifrost Twitter (Accessed Jul 10, 2024)
- ↑ @0xLurpis Twitter (Accessed Jul 10, 2024)
- ↑ Fix Bifrost Treasury BNC Reserve Proposal, Proposal 1: Temporarily disable xcBNC transfers on Moonbeam | Polkassembly (Accessed Jul 10, 2024)
- ↑ https://moonbeam.subscan.io/account/0xf682B6D40CA93BdD14B2CBd843BFa4e8d3916a29 (Accessed Jul 10, 2024)
- ↑ https://moonbeam.subscan.io/xcm_message/polkadot-97a5ee811889c4bda0ab17a1b7c8752ae0c4d3c8 (Accessed Jul 10, 2024)
- ↑ Bifrost price today, BNC to USD live price, marketcap and chart | CoinMarketCap (Accessed Jul 10, 2024)