Binance Hack: BNB Chain Halted, More Than $100M Stolen
- BNB Chain, was exploited by an attack that remains unidentified and according to PeckShield, more than $500 million have been stolen.
- The blockchain has been halted by the validators who are working on updating the nodes and fixing the error that caused the hack.
- The native cross-chain communication between BNB Beacon Chain and BNB Smart Chain is disabled since it was the BSC Token Hub wherein the attack originated.
The crypto market on Friday witnessed that the world’s biggest cryptocurrency, Binance‘s BNB Chain, was exploited by an attack that remains unidentified, but according to the data from blockchain security firm PeckShield, the amount that the attack made away with is more than $500 million, which could probably be one of the most expensive attacks in the world of DeFi.
BNB Chain is the third biggest chain by total value locked (TVL) and has numerous DeFi projects running on it on a daily basis. However, following the attack implemented by the hacker, the chain was halted and it seems that the validators are doing all the heavy lifting necessary to bring back the blockchain online as soon as possible.
Binance CEO Changpeng Zhao, also known as CZ, confirmed that at the time of attack he was asleep and when he got up, the validators had already paused the blockchain. The exploit was implemented on the BSC Token Hub, the cross-chain bridge between the BNB Beacon Chain (BEP2) and BNB Chain (BEP20 or BSC).
“An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly,”CZ tweeted.
In another Twitter post, the CEO of Binance added that the native cross-chain communication between BNB Beacon Chain and BNB Smart Chain is disabled as it was the Binance BSC Token Hub that was affected by the hack. Moreover, the developers will make the blockchain live once the attackers have been stopped.
Zhao also confirmed that initial estimates for funds taken off BSC are between $100 million – $110 million however, the data from PeckShield quotes a much higher amount. While an official amount is yet to be declared by the crypto exchange, it can be confirmed that “an estimated $7M has already been frozen.”
Popular crypto analysts ZachXBT and Sam Sun worked together to figure out the cause of the entire attack and it was a bug in the blockchain that enabled the attacker to mint tokens out of thin air. To be brief, the attack convinced the blockchain to transfer 1 million BNB tokens, the native token of the Binance crypto exchange, two times in two separate transactions.
Although there were more than 500 million tokens in the cross-chain bridge, the hack tried to remain under the radars and took only 2 million tokens which amount to more than $500 million.
“There was a bug in the way that the Binance Bridge verified proofs which could have allowed attackers to forge arbitrary messages. Fortunately, the attacker here only forged two messages, but the damage could have been far worse,”Sun said.