As we reported, Binance network BNB Chain faced a hack during the night. The exploit occurred on BSC Token Hub, a cross-chain bridge. Here are the details of the subject…
“We got the problem under control,” Binance CEO said
Earlier today, it was reported that the attackers managed to steal 2 million BNB tokens (roughly $566 million) from Binance Bridge. BSC Token Hub is the bridge connecting BNB Beacon Chain (BEP2) and BNB Chain (BEP20 or BSC). During the night, Binance CEO Changpeng Zhao tweeted that the problem was “under control”. CZ wrote on his Twitter account:
An exploit on BSC Token Hub, a cross-chain bridge, resulted in the generation of extra BNB. We have asked all validators to temporarily suspend the BSC. The matter is now under control. Your money is safe. We apologize for the inconvenience and will provide further updates.
Cross-chain bridges have been a common attack point for hackers. These are basically platforms that allow tokens to be transferred between Blockchains. Binance CEO said they will compensate all lost funds. “In any case, Binance will cover any funds the hackers escaped,” he added.
How did it happen?
Paradigm researcher @samczsun explained that he initially thought Venus Protocol had been hit by another hack. However, it was later revealed that the attacker actually invested $200 million in the protocol. According to the research, the attacker behind the massive hack managed to convince Binance Bridge to send them one million BNB tokens on two separate occasions. The hacker managed to find a way to fake proof for block 110217401.
The research concluded that there was an error in the way the compromised Binance Bridge validated the evidence. This vulnerability was exploited by attackers to generate random messages. Well-known hacker samczsun claims that the damage could have been much worse. However, the attacker only managed to spoof two messages.
According to Binance’s estimates, from around $600 million to the remaining $80 million, stolen funds were transferred off-chain. Some of these funds are already frozen at the time of writing. As we reported, it turned out that the funds transferred $53 million to the largest altcoin Ethereum. $399,895 is on Polygon (MATIC) network, $48.8 million is on Phantom (FTM). $3.3 million was transferred to Avalanche (AVAX), $1.1 million to Arbitrum and $1.1 million to Optimism (OP).
BNB price drops
Following the abuse news, the price of BNB Coin instantly came under selling pressure. As of now, it’s changing hands at $282, down 4.1 percent. The cryptocurrency was hovering around the intraday high of $295. As a result, BNB Coin has lost almost all of its gains from last week. As we’ve reported on cryptokoin.com, the Binance Chain case is the latest among several bridge hacks that have taken place this year.