Binance’s Crypto Dips on Heels of Confirmed Exploit on BNB Chain

UPDATED: The hacker successfully extracted around $100 million before being shut down

by Sebastian Sinclair /
article-image

Source: DALL·E

share

key takeaways

  • Early indications are that Binance’s network has been hacked for hundreds of millions of dollars
  • According to on-chain analysis by Blockworks’ Research, the attacker, or attackers, have managed to “bridge out” to several other chains, including Avalanche and Polygon

Binance’s network, BNB Chain, has been hacked for potentially hundreds of millions of dollars in what the cryptocurrency exchange initially dubbed a “potential exploit” of a cross-chain bridge and later confirmed, promising a full post-mortem.

Binance on Twitter said it had paused its network, sending the price of Binance Coin (BNB) lower on the news, as the cryptoasset changed hands for as little as $279 by 7:50 pm ET. By Friday morning, the price had recovered to around $285, according to data compiled by Blockworks.

“An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly,” Binance CEO Changpeng Zhao later confirmed via Twitter.

BSC Token Hub is the bridge between BNB Beacon Chain (BEP2) and BNB Chain (BEP20 or BSC). Binance had earlier said it was temporarily pausing its chain due to “irregular activity.”

Eagle-eyed Twitter users appeared to be the first to identify roughly two million BNB — more than $566 million — that had been transferred to an apparent attacker’s address who has so far managed to bridge out somewhere in the neighborhood of $110 million.

In a post on Reddit at around 7:15 pm ET, Binance thanked node service providers for their “quick and attentive response.”

Those providers include Hash, Neptune, TW Staking, BSCScan, Legend, CertiK, Figment, NodeReal, Namelix, Defibit, Fuji, InfStones, MathWallet, Pexmons, Ankr, BNB48 Club, Avengers, Tranchess and Coinbase Cloud.

Stewards of BNB Chain are now requesting BSC Validators to get in touch with them over the next few hours to plan a node upgrade.

Total losses could prove to be much less

The wallet address, confirmed by Ryan West, a Blockworks’ Research analyst, shows the wallet has transferred roughly $53 million of BNB to ether (ETH), plus $48 million to the Fantom blockchain, as well as additional funds to the Avalanche, Optimism and Polygon protocols.

“Thanks to the community and our internal and external security partners, an estimated $7M has already been frozen,” Binance tweeted shortly after advising users of the exploit.

The same wallet belonging to the attacker is blacklisted from Tether, per West.

Roughly $433 million, 80% of the total, remained on the BNB Chain a few hours after the stock market’s closing bell in New York, cybersecurity firm Halborn told Blockworks. Counting these funds, it would mark the industry’s second-largest hack, following the Axie Infinity Ronin Bridge exploit in March for $625 million.

According to on-chain analysis, the attacker used the cross-chain bridge protocol Stargate to transfer out. Binance representatives did not immediately return a request for comment.

BNB Chain, via Twitter, puts the loss — funds moved off of the halted BNB chain — at between $70 million and $80 million.

Understanding the mechanics of the exploit

Paradigm researcher Sam Sun, better known as @Samczsun on Twitter, published a detailed analysis of the exploit explaining how the attacker manipulated a bug in the Binance Bridge.

Loading Tweet..

“The threat actor did not need any inside information in order to effectuate this attack,” David Schwed, chief operating officer at Halborn, told Blockworks via Telegram, adding “all information required to exploit was publicly available.”

Next steps for BNB community

BNB Chain posted an update at around 5 am ET, calling the exploit “a sophisticated forging of the low level proof into one common library.”

Although the BNB Chain is paused, the bug remains active and will need to be fixed before full service can be restored.

The blog post calls for an on-chain governance vote to assess the next steps in four areas:

  1. What to do with the hacked funds — freeze or not to freeze?
  2. Whether to use BNB auto-burn to cover the remaining hacked funds, or not?
  3. A whitehat program for future bugs found, $1 million for each significant bug found.
  4. A bounty for catching hackers, up to 10% of the recovered funds.

To safely enable such a vote, the “validator voting function for general opinions will be switched on in the next few days via an upgrade of BNB Beacon Chain,” the post said.

No specific timeline is set for reactivation of the chain.

The simple fact that the BNB Chain could be halted in this manner calls into question the decentralization of the project, which has only 26 active validators. BNB Chain acknowledged the concern, but portrayed it as a strength.

“Decentralized chains are not designed to be stopped, but by contacting community validators one by one, we were able to stop the incident from spreading,” they said, adding “This delayed closure, but we were able to minimize the loss.”

Macauley Peterson contributed reporting.

This story was updated on Oct. 7 at 5:30 am ET and 8:57 am ET.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Tags

Upcoming Events

Permissionless III

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

learn more

recent research

Research report HL cover.jpg

Research

Hyperliquid Deep Dive: The Future of Perp DEXs

It's increasingly apparent that orderbooks represent the most efficient model for perpetual trading, with the primary obstacle being that the most popular blockchains are ill-suited for hosting a fully onchain orderbook. Hyperliquid is a perpetual trading protocol built on its own L1 that aims to replicate the user experience of centralized exchanges while offering a fully onchain orderbook.

by Carolina

/

news

article-image

Finance

Crypto-focused federal chartered bank intros settlement network

CoinFund, EDX Clearing and Nonco are among the first users of the offering

by Ben Strack /
article-image

Web3

Empire Newsletter: The war on crypto mixing has a new front

Crypto mixers continue to be a target of government scrutiny

by Casey Wagner&David Canellis&Katherine Ross /
article-image

Op-Ed

Stop chasing degens

If recent history is any gauge, most teams still opt for the “sugar high” of short-term degen adoption over pursuit of more sustainable users

by Mark Hendrickson /
article-image

FinanceMarkets

BlackRock’s bitcoin ETF inflows halt after 71-day streak, data shows

The iShares Bitcoin Trust saw zero flows Wednesday, according to Farside Investors, after seeing $15.5 billion enter the fund in its first 71 days

by Ben Strack /
article-image

DeFi

Points farming comes for Bitcoin as Merlin becomes 9th-largest chain

The Merlin Chain Bitcoin layer-2 grew by roughly 2,000% in the past month

by Jack Kubinec /
article-image

Business

DOJ arrests founders of privacy-focused crypto wallet Samourai

The DOJ charged the CEO and CTO with a count of conspiracy to commit money laundering and a count of conspiracy to operate an unlicensed money transmitting service

by Katherine Ross /