On October 29, 2021, the BXH (BOY X HIGHSPEED) cryptocurrency exchange experienced a hack of $139 million in tokens.  This makes it one of the biggest hacks in DeFi history.

Inside the Attack

BXH is a decentralized cross-chain cryptocurrency exchange program.  The attacker gained access to the stolen funds due to a failure to properly protect the administrative key of the project’s account on the Binance Smart Chain (BSC).

The details of the hack make it probable that it was an inside job.  The attacker had access to the administrator’s private key, which makes an inside job or a malware infection (potentially embedded in BXH’s own website) the probable causes of the hack.  With this private key, the attacker was able to digitally sign a transaction transferring $139 million in tokens from BXH’s account on BSC to their own account.

Lessons Learned From the Attack

The BXH hack demonstrates the importance of properly securing the private keys that control tokens and other digital assets on the blockchain.  Ideally, large quantities of cryptocurrency (like those held by the BXH exchange) should be protected using a multi-signature wallet that requires multiple private keys to perform transactions.
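
The difference between the two policies can be shown in a small Node.js model. This is an added example, not code from BXH or from the original article: the key set, transfer fields and function names are assumptions, and SHA-256 ECDSA over a JSON encoding stands in for the on-chain signing format.

```javascript
// Added example: off-chain model of single-key vs. M-of-N transfer approval.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Constructed sample keys for three hypothetical administrators.
const admins = [0, 1, 2].map(() =>
  generateKeyPairSync('ec', { namedCurve: 'secp256k1' }));

// Canonical bytes of the transfer being approved. Including the nonce keeps
// an approval from being reused for a later transfer.
function encodeTransfer(tx) {
  return Buffer.from(JSON.stringify([tx.to, tx.amount, tx.nonce]));
}

// One administrator's approval of one specific transfer.
function approve(tx, signerIndex, privateKey) {
  return { signerIndex, signature: sign('sha256', encodeTransfer(tx), privateKey) };
}

// Count distinct registered signers holding a valid signature over this tx.
function countValidSigners(tx, approvals, signerPublicKeys) {
  const msg = encodeTransfer(tx);
  const seen = new Set();
  for (const { signerIndex, signature } of approvals) {
    const known = Number.isInteger(signerIndex) && signerPublicKeys[signerIndex];
    if (!known || seen.has(signerIndex)) continue; // unknown or repeated signer
    if (verify('sha256', msg, known, signature)) seen.add(signerIndex);
  }
  return seen.size;
}

function isAuthorized(tx, approvals, signerPublicKeys, threshold) {
  return countValidSigners(tx, approvals, signerPublicKeys) >= threshold;
}

// Scenario from the article: exactly one administrative key is compromised.
function demo() {
  const tx = { to: '0xRECIPIENT_PLACEHOLDER', amount: '139000000', nonce: 1 };
  const pubs = admins.map((k) => k.publicKey);
  const stolen = approve(tx, 0, admins[0].privateKey);
  return {
    singleKey: isAuthorized(tx, [stolen], [pubs[0]], 1),      // true
    twoOfThree: isAuthorized(tx, [stolen, stolen], pubs, 2),  // false
  };
}
console.log(demo());
```

Counting distinct signers rather than signatures is what keeps a single key from satisfying the threshold by signing twice.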

For a more in-depth discussion on protecting private keys for large blockchain projects, reach out to our security experts at halborn@protonmail.com.

Rob Behnke