Binance’s Crypto Dips on Heels of Confirmed Exploit on BNB Chain

Binance’s network, BNB Chain, has been hacked for potentially hundreds of millions of dollars in what the cryptocurrency exchange initially dubbed a “potential exploit” of a cross-chain bridge and later confirmed, promising a full post-mortem.

Binance on Twitter said it had paused its network, sending the price of Binance Coin (BNB) lower on the news, as the cryptoasset changed hands for as little as $279 by 7:50 pm ET. By Friday morning, the price had recovered to around $285, according to data compiled by Blockworks.

“An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly,” Binance CEO Changpeng Zhao later confirmed via Twitter.

BSC Token Hub is the bridge between BNB Beacon Chain (BEP2) and BNB Chain (BEP20 or BSC). Binance had earlier said it was temporarily pausing its chain due to “irregular activity.”

Eagle-eyed Twitter users appeared to be the first to identify roughly two million BNB — more than $566 million — that had been transferred to an apparent attacker’s address who has so far managed to bridge out somewhere in the neighborhood of $110 million.

In a post on Reddit at around 7:15 pm ET, Binance thanked node service providers for their “quick and attentive response.”

Those providers include Hash, Neptune, TW Staking, BSCScan, Legend, CertiK, Figment, NodeReal, Namelix, Defibit, Fuji, InfStones, MathWallet, Pexmons, Ankr, BNB48 Club, Avengers, Tranchess and Coinbase Cloud.

Stewards of BNB Chain are now requesting BSC Validators to get in touch with them over the next few hours to plan a node upgrade.

Total losses could prove to be much less

The wallet address, confirmed by Ryan West, a Blockworks’ Research analyst, shows the wallet has transferred roughly $53 million of BNB to ether (ETH), plus $48 million to the Fantom blockchain, as well as additional funds to the Avalanche, Optimism and Polygon protocols.

“Thanks to the community and our internal and external security partners, an estimated $7M has already been frozen,” Binance tweeted shortly after advising users of the exploit.

The same wallet belonging to the attacker is blacklisted from Tether, per West.

Roughly $433 million, 80% of the total, remained on the BNB Chain a few hours after the stock market’s closing bell in New York, cybersecurity firm Halborn told Blockworks. Counting these funds, it would mark the industry’s second-largest hack, following the Axie Infinity Ronin Bridge exploit in March for $625 million.

According to on-chain analysis, the attacker used the cross-chain bridge protocol Stargate to transfer out. Binance representatives did not immediately return a request for comment.

BNB Chain, via Twitter, puts the loss — funds moved off of the halted BNB chain — at between $70 million and $80 million.

Understanding the mechanics of the exploit

Paradigm researcher Sam Sun, better known as @Samczsun on Twitter, published a detailed analysis of the exploit explaining how the attacker manipulated a bug in the Binance Bridge.

Loading Tweet..

“The threat actor did not need any inside information in order to effectuate this attack,” David Schwed, chief operating officer at Halborn, told Blockworks via Telegram, adding “all information required to exploit was publicly available.”

Next steps for BNB community

BNB Chain posted an update at around 5 am ET, calling the exploit “a sophisticated forging of the low level proof into one common library.”

Although the BNB Chain is paused, the bug remains active and will need to be fixed before full service can be restored.

The blog post calls for an on-chain governance vote to assess the next steps in four areas:

1. What to do with the hacked funds — freeze or not to freeze?
2. Whether to use BNB auto-burn to cover the remaining hacked funds, or not?
3. A whitehat program for future bugs found, $1 million for each significant bug found.
4. A bounty for catching hackers, up to 10% of the recovered funds.

To safely enable such a vote, the “validator voting function for general opinions will be switched on in the next few days via an upgrade of BNB Beacon Chain,” the post said.

No specific timeline is set for reactivation of the chain.

The simple fact that the BNB Chain could be halted in this manner calls into question the decentralization of the project, which has only 26 active validators. BNB Chain acknowledged the concern, but portrayed it as a strength.

“Decentralized chains are not designed to be stopped, but by contacting community validators one by one, we were able to stop the incident from spreading,” they said, adding “This delayed closure, but we were able to minimize the loss.”

Macauley Peterson contributed reporting.

This story was updated on Oct. 7 at 5:30 am ET and 8:57 am ET.

---

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.