BXH was “black” recalled the whole story

BXH was hacked for three days. Originally, he was extremely angry and panic. There were too many thoughts in his mind. Now, calm down, think carefully, and write something. I hope that friends who are also victims can provide some information and ideas, face them together, punish the perpetrators, and return everyone to peace as soon as possible.

Time: 2021/10/30 8:38AM

After I got up, I instinctively opened the BXH DAPP and tried to withdraw the deposited WBNB single currency. The pledge could be released but the currency could not be withdrawn. The GAS displayed when withdrawing was 0. My first instinct was whether there was a problem with the BSC network, and I tried to replace the network node, but to no avail. Continue to withdraw the coin and try to manually increase the GAS rate by 100 times, indicating that the withdrawal failed. Experience tells me that this is not a network problem. It is mostly caused by insufficient assets in the pool. It is often the case that the lending platform is not enough to withdraw, but BXH is not a loan but a machine gun pool. So I went to the official telegram group to respond to the situation as soon as possible, and the response I got was as follows:

BXH was "black" recalled the whole story

According to the Paidun announcement, the “hacker” did not start the attack at this time. The hacker’s first attack time was around 11 a.m. on 10/30, but it happened that the official failed to withdraw coins more than 2 hours earlier.

BXH was "black" recalled the whole story

What followed was that more and more users in the official group started to respond. At first, no one thought it was a hacker attack and assets were stolen. Obviously, the official didn’t think it was. I don’t judge whether it is really unknown or the script here.

BXH was "black" recalled the whole story

At the beginning, it was said that 4000 ETH was stolen . The truth is that the single pool on the entire BXH BSC chain (except for the coins that have been invested in the external platform in the strategy contract) and the rest except MDX are almost all transferred away. These coins can be considered as deposits for withdrawals. .

The victim with the technology behind posted the general reason for the hack in the official group, and the private key was stolen! This sounds like a fantasy, but the coin is using the administrator’s private key authority to authorize another account administrator. This account can directly replace the original WITHDRAW method with the new WITHDRAW1 through the form of upgrading the contract code. Withdraw all coins in a single coin pool with one click.

BXH was "black" recalled the whole story

BXH was "black" recalled the whole story

BXH was "black" recalled the whole story

Simply put, someone took the BXH administrator’s private key and set another address as an administrator, and then the other address withdrew all the money, and then the original administrator suspended the presentation. Note that the details here are very interesting, and the operation of the hacker is also very logical. Does it make everyone feel that it is a guardian or outsider doing it? My personal understanding is that if the private key is stolen, you can use the original administrator to directly withdraw the currency, first authorize the new address and then upgrade the contract withdraw, and then use the original administrator to suspend the withdrawal. What kind of magic operation is this.

After the official announcement of the theft was announced, it was heard that the police had also begun to intervene, and the security company sent shields also began to intervene. The official telegram group began to fry, and all kinds of information and rumors were overwhelming. Some victims also established rights protection groups on WeChat and Telegram. The following information is too much, so I won’t list them all here. I will list some reference-significant things, without commenting, everyone will judge for themselves:

1. After the accident, the official release of the residual value of the platform on the BSC chain:

BXH was "black" recalled the whole story

2. It is said that Wang Bin, the out-of-control person of BXH, is currently based in Dubai, and the other teams are in China. They usually operate through remote control. Many people in Telegram have added Wang Bin, and this has been verified through the mobile phone number registered by Telegram.

BXH was "black" recalled the whole story

BXH was "black" recalled the whole story

3. After being stolen, the “hacker” started laundering coins as soon as possible . At the beginning, BTC B and ETH were washed to the BTC network and ETH network through cross-chain bridges such as RenBTC. So far, BTC and ETH in the stolen assets ETH has been washed out, and only stable coins and BNB, CAKE, etc. are left in the BSC wallet. The transfer of assets by the “hacker” is also very rhythmic and calm. It can be preliminarily judged that the “hacker” is a professional and has been preparing since the 27th. The earliest wallet GAS fee came anonymously from the ETH network. Start working at around 10pm on the 29th, and finish it from midnight to 11am on the 30th. The transfer of assets was completed from 11 a.m. to 3 p.m. on the 30th. According to official claims, BSC and related cross-chain bridges have been notified immediately after the theft, but RENBRIDGE does not have a blacklist function, and “hackers” still smoothly wash out assets.

4. On the day the 30th was stolen, the “hacker” suspended the withdrawal function through the original administrator’s authority. On the afternoon of the 30th, the official issued a stolen announcement and randomly suspended the withdrawal. Since the “hacker” has suspended the withdrawal of coins, and the subsequent official has suspended the withdrawal of coins for the second time, the subsequent official reportedly has changed the OWNER address and private key, and claimed that the private key is kept by a new controllable person.

5. The official announcement was made on the 30th that the police intervened and the security company sent a shield to assist in the investigation, but the victim asked for evidence and sent a shield to reply. It was only for remote assistance and did not go to the domestic team site. In addition, the police officials did not disclose any information, until after 6 o’clock in the evening on 11/2, the officials issued an announcement that the Hengyang police of Hunan Province intervened in the investigation and produced a letter of inquiry. Later, a person familiar with the matter revealed that the local police and Paidun were both found by the victims, not official contacts.

6. Because BXH’s BSC chain assets were stolen, which caused a chain reaction, several major domestic machine gun pools were divided into guns. COINWIND, the biggest victim, preliminary statistics of affected funds are between US$100 million and US$150 million, and funds stolen between US$60 and 80 million. The main origin is that COINWIND directly invested most of the assets such as BTC and ETH into BXH dolls.

At first, many of the information on hand is messy and needs time to sort out. There are many that can be written and provided, but due to time issues, I will continue to update it in the future.

Finally, provide some technical information, and hope that there are technical experts and white hats can help:

The BXH.COM related currency contract addresses are now announced as follows:

BTC:0x2483e0e9b6d2a3b30d375ac43f6798560e235ea0

ETH: 0x30032ac497ab92bf4ced1d607b77087afdfae953

USDT: 0x0d6302be68ee9d2406aa7e201565916d70e5ca85

USDC : 0x66b8b7d0355ad652a6bdf2d28426cac8658839c3

BUSD: 0xd82d716a2c06357c6f62ada159ef287ba65b75f3

WBNB: 0x48ad49fb3a9188583241c153d4629706db735877

Hacker address: 0x48C94305BDDfd80c6F4076963866D968Cac27d79

Hackers use this contract to steal funds: 0x13b81fa9c0873a74c49a85bd8149c1c20bf9d18c

BXH policy address: 0x6aceca12de5a15f11ca51b654433259533b0b802

The owner address of BXH: 0x56146B129017940D06D8e235c02285A3d05D6B7C

BXH was "black" recalled the whole story

  What’s interesting is that in the past few days, Lao Ma’s Twitter has posted an ancient poem by Cao Zhi. The richest man still has such a pattern. I hope that the people of the country “are too anxious”!

BXH was "black" recalled the whole story

In the end, it was inconvenient for me to expose too much due to some special reasons. It was because the black hand behind the scenes was still observing the progress of the situation secretly. Friends who have any useful clues can shout in each group of the telegram, and friends of the victims will find me. I hope that the “hacker” can contact me when I see this. I am also willing to act as an intermediary. Pirates are also good, and I hope they can give users peace.

-A victim of BXH

-2021/11/3

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/bxh-was-black-recalled-the-whole-story/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Leave a Reply