On October 30th, according to SlowMist Intelligence, on October 30, 2021, the Binance Smart Chain (BSC) decentralized transaction, protocol BXH project was attacked and approximately 130 million US dollars were stolen.
According to the analysis by the SlowMist security team, the hacker deployed the attack contract 0x8877 at 13:00 on the 27th (UTC), and then at 08:00 on the 29th (UTC), the BXH project management wallet address 0x5614 was given the attack by grantRole. Contract 0x8877 management authority.
At 03:00 (UTC) on the 30th, the attacker used the attack to transfer the assets under contract 0x8877 from the BXH strategy pool fund library. The fund library was suspended at 0x5614 at 04:00 (UTC) on the 30th. Therefore, BXH was stolen this time because its management authority was maliciously modified, which caused the attacker to use this authority to transfer project assets.