The BNB Chain — composed of BNB Beacon Chain and BNB Smart Chain (BSC) — resumed operations on Friday after an overnight malicious attack that allowed hackers to make off with at least $100 million in digital assets and forced the network to hit the brakes.
The cyber criminals tried to siphon $570 million in various digital assets in the cross-chain bridge exploit, but validators moved swiftly to halt the chain, and $429 million remained on the BNB Chain itself.
BNB Chain Halted After Exploit
The BNB Chain has become the target of crypto’s latest nine-figure hack.
On Thursday, activity on the BNB chain — the blockchain with ties to the world’s largest exchange — was halted after confirmed reports of a cross-chain exploit.
An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.
— CZ Binance (@cz_binance) October 6, 2022
The source of the compromise happened on the BSC Token Hub, the network’s cross-chain bridge, which the hacker exploited for 2 million BNB tokens (equivalent to $560 million) due to a bug. The critical bug effectively allowed the bad actors to forge security proofs and create extra BNB tokens which they sent to an address they controlled.
The BNB Chain team promised users that “all funds are safe” as the BNB tokens were not drained from wallets but instead newly created by the hacker.
The team thanked node service providers and also acknowledged the efforts of the Binance community “for their quick and decisive actions.”
Incidentally, Ethereum co-founder Vitalik Buterin cautioned about the shortcomings of cross-chain bridges in January this year, noting the security risks inherent in such ecosystems.
Attack Estimated Above $100M
While roughly $560 million was at stake, the attackers only managed to steal $100 million. That’s because the majority of the stolen tokens (around $429 million) could not be moved from the BNB chain after the coordinated shutdown last night.
$7 million was frozen before it could be transferred, with stablecoin issuer Tether single-handedly freezing approximately 6.5 million of its USDT tokens.
The BNB Chain exploit comes on the heels of another huge hack two weeks ago on the leading crypto market maker, Wintermute. Wintermute lost $160 million through its decentralized finance (DeFi) operations.