Exploit Analysis Decoding BitKeep’s Smart Contract Vulnerability

neptunemutual · November 06, 2024

BitKeep, a crypto wallet, suffered an exploit on BNB Chain through a service used to swap tokens.

TL;DR

On October 17, 2022, BitKeep suffered an exploit on BNB Chain through a service used to swap tokens, causing a loss of approximately $1 million.

Introduction to BitKeep

BitKeep is a decentralized multi-chain cryptocurrency wallet that provides numerous digital asset management services to consumers worldwide.

Vulnerability Assessment

The exploit was possible because of a flaw in the BitBTC code: the contract used a custom bridge instead of the standard bridge that Optimism provides.

Steps

Step 1:

The L2 side of their bridge permits the withdrawal of any token and allows that token to choose the l1Token address transmitted to the L1 side of the bridge.

Step 2:

The L1 bridge, however, disregards which L2 token was withdrawn and simply mints the arbitrary L1 token.

Step 3:

Thus, an adversary could deploy their own token on Optimism, give themselves the entire quantity, and set the l1Token of their token to the actual BitBTC L1 address.

Step 4:

An attacker withdraws billions of fake BitBTC tokens from Optimism.

Step 5:

Then, when the attacker withdraws their fraudulent token via the BitBTC bridge, they are given actual BitBTC tokens on L1.
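
The missing check behind Steps 1 to 5, as an added example that is not BitBTC's or Optimism's code: a simplified Python model of the L1 side of a bridge, with a finalization that ignores the L2 token next to one that requires the registered token pair. All class, function and address names are hypothetical, and the sample messages are constructed.

```python
from dataclasses import dataclass, field

# Constructed placeholder addresses, not real contract addresses.
BITBTC_L1 = "0xL1_BITBTC"
BITBTC_L2 = "0xL2_BITBTC"
UNREGISTERED_L2 = "0xL2_UNREGISTERED"

@dataclass(frozen=True)
class Withdrawal:
    """Cross-domain message the L2 bridge relays to the L1 bridge."""
    l2_token: str   # token that was burned on L2
    l1_token: str   # value reported by the L2 token itself, so untrusted
    recipient: str
    amount: int

@dataclass
class L1Bridge:
    # L1 token -> its one registered L2 counterpart, set by the operator.
    pairs: dict = field(default_factory=lambda: {BITBTC_L1: BITBTC_L2})
    minted: dict = field(default_factory=dict)  # L1 token -> total minted

    def _mint(self, msg):
        self.minted[msg.l1_token] = self.minted.get(msg.l1_token, 0) + msg.amount

    def finalize_unchecked(self, msg):
        """Flawed behaviour from Step 2: l2_token is never inspected."""
        self._mint(msg)
        return True

    def finalize_checked(self, msg):
        """Hardened: mint only if l2_token is the registered pair of l1_token."""
        if msg.amount <= 0 or self.pairs.get(msg.l1_token) != msg.l2_token:
            return False
        self._mint(msg)
        return True

def replay(messages, checked):
    """Run messages through a fresh bridge; return (minted totals, results)."""
    bridge = L1Bridge()
    finalize = bridge.finalize_checked if checked else bridge.finalize_unchecked
    results = [finalize(m) for m in messages]
    return bridge.minted, results

# Constructed sample: a legitimate withdrawal, then one from an unregistered token.
SAMPLE = [
    Withdrawal(BITBTC_L2, BITBTC_L1, "alice", 5),
    Withdrawal(UNREGISTERED_L2, BITBTC_L1, "mallory", 1_000_000_000),
]
```

With the pair check in place, the second message is rejected and only the legitimate 5 units are minted.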

Aftermath

To ensure that there were no other asset security issues, the team suspended their Swap service. They also communicated and collaborated with major security agencies to track down the hackers and recover the stolen assets.

How to Prevent Such an Attack Vector

Security is of the foremost importance. Project teams should therefore use the standard bridge as opposed to developing a custom bridge without any prior risk estimates.
