Hackers attacked Binance, the world’s largest cryptocurrency exchange. On Thursday, it got confirmed by the agency. The hackers stole at least $100 million, but the amount may be more significant than that.
The Binance blockchain, probably known as BNB smart chain and the BNB chain, made an essential decision to stop transactions and fund transfers. This happened after discovering a vulnerability affecting the BSC Token Hub cross-chain-bridge, the Binance blockchain agency decided. However, the bridges help to make the transfer of assets easier from one independent blockchain platform to another.
On Friday, in a blog post, the BNB Chain team stated that the hacker first withdrew 2 million BNB. An amount equivalent to $568 million. According to blockchain security firm SlowMist, the attacker only succeeded in stealing roughly $110 million.
Due to a bug in the BSC Token Hub Bridge, an attacker was able to manipulate the message and create new BNB tokens. Hence, the stolen tokens were not the preexisting tokens. Therefore, it did not impact any user’s fund. In a tweet, Binance chief executive Changpeng Zhao said the company estimates the breach’s impact to be between $10o million and $110 million.
An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.
— CZ 🔶 Binance (@cz_binance) October 6, 2022
The team apologizes for the inconvenience due to the mishap. Ismael Garcia, a spokesman for Binance, declined to make any additional remarks beyond the blog that the BNB Chain team wrote. The statement states that the BNB Chain is currently operational again.
To prevent such cases again in the future, a new on-chain governance structure will be implemented on the BNB Chain, notified in the blog post. The bug lies in how Binance bridge analyzes the proofs of transactions, said by Adrian Hetman, tech lead of the Triaging Team at Immunefi.
The hacker generated the message in a way that tricked the contract’s validity. Although, the hacker had no valid claims to the funds transferred. BSC Token Hub then proceeded with the payout as everything was valid,” said Hetman.
The action did not occur for the first time; cross-chain bridge hacks have become a common occurrence in the past as well. One more incident occurred earlier in August. Hackers stole $190 million worth of cryptocurrency from the Nomad cross-chain bridge. The action happened after using weakness to take $100 million from Harmony’s Horizon Bridge.
In a report presented by an Intelligence company, in cross-chain bridge hacks, hackers stole about $2 billion in cryptocurrency. Moreover, following the attack on Axie Infinity’s Ronin Bridge, hackers stole about $625 million. Earlier this year, in March.