Binance’s Crypto Dips on Heels of Confirmed Exploit on BNB Chain

UPDATED: The hacker successfully extracted around $100 million before being shut down

article-image

Source: DALL·E

share

key takeaways

  • Early indications are that Binance’s network has been hacked for hundreds of millions of dollars
  • According to on-chain analysis by Blockworks’ Research, the attacker, or attackers, have managed to “bridge out” to several other chains, including Avalanche and Polygon

Binance’s network, BNB Chain, has been hacked for potentially hundreds of millions of dollars in what the cryptocurrency exchange initially dubbed a “potential exploit” of a cross-chain bridge and later confirmed, promising a full post-mortem.

Binance on Twitter said it had paused its network, sending the price of Binance Coin (BNB) lower on the news, as the cryptoasset changed hands for as little as $279 by 7:50 pm ET. By Friday morning, the price had recovered to around $285, according to data compiled by Blockworks.

“An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly,” Binance CEO Changpeng Zhao later confirmed via Twitter.

BSC Token Hub is the bridge between BNB Beacon Chain (BEP2) and BNB Chain (BEP20 or BSC). Binance had earlier said it was temporarily pausing its chain due to “irregular activity.”

Eagle-eyed Twitter users appeared to be the first to identify roughly two million BNB — more than $566 million — that had been transferred to an apparent attacker’s address who has so far managed to bridge out somewhere in the neighborhood of $110 million.

In a post on Reddit at around 7:15 pm ET, Binance thanked node service providers for their “quick and attentive response.”

Those providers include Hash, Neptune, TW Staking, BSCScan, Legend, CertiK, Figment, NodeReal, Namelix, Defibit, Fuji, InfStones, MathWallet, Pexmons, Ankr, BNB48 Club, Avengers, Tranchess and Coinbase Cloud.

Stewards of BNB Chain are now requesting BSC Validators to get in touch with them over the next few hours to plan a node upgrade.

Total losses could prove to be much less

The wallet address, confirmed by Ryan West, a Blockworks’ Research analyst, shows the wallet has transferred roughly $53 million of BNB to ether (ETH), plus $48 million to the Fantom blockchain, as well as additional funds to the Avalanche, Optimism and Polygon protocols.

“Thanks to the community and our internal and external security partners, an estimated $7M has already been frozen,” Binance tweeted shortly after advising users of the exploit.

The same wallet belonging to the attacker is blacklisted from Tether, per West.

Roughly $433 million, 80% of the total, remained on the BNB Chain a few hours after the stock market’s closing bell in New York, cybersecurity firm Halborn told Blockworks. Counting these funds, it would mark the industry’s second-largest hack, following the Axie Infinity Ronin Bridge exploit in March for $625 million.

According to on-chain analysis, the attacker used the cross-chain bridge protocol Stargate to transfer out. Binance representatives did not immediately return a request for comment.

BNB Chain, via Twitter, puts the loss — funds moved off of the halted BNB chain — at between $70 million and $80 million.

Understanding the mechanics of the exploit

Paradigm researcher Sam Sun, better known as @Samczsun on Twitter, published a detailed analysis of the exploit explaining how the attacker manipulated a bug in the Binance Bridge.

Loading Tweet..

“The threat actor did not need any inside information in order to effectuate this attack,” David Schwed, chief operating officer at Halborn, told Blockworks via Telegram, adding “all information required to exploit was publicly available.”

Next steps for BNB community

BNB Chain posted an update at around 5 am ET, calling the exploit “a sophisticated forging of the low level proof into one common library.”

Although the BNB Chain is paused, the bug remains active and will need to be fixed before full service can be restored.

The blog post calls for an on-chain governance vote to assess the next steps in four areas:

  1. What to do with the hacked funds — freeze or not to freeze?
  2. Whether to use BNB auto-burn to cover the remaining hacked funds, or not?
  3. A whitehat program for future bugs found, $1 million for each significant bug found.
  4. A bounty for catching hackers, up to 10% of the recovered funds.

To safely enable such a vote, the “validator voting function for general opinions will be switched on in the next few days via an upgrade of BNB Beacon Chain,” the post said.

No specific timeline is set for reactivation of the chain.

The simple fact that the BNB Chain could be halted in this manner calls into question the decentralization of the project, which has only 26 active validators. BNB Chain acknowledged the concern, but portrayed it as a strength.

“Decentralized chains are not designed to be stopped, but by contacting community validators one by one, we were able to stop the incident from spreading,” they said, adding “This delayed closure, but we were able to minimize the loss.”

Macauley Peterson contributed reporting.

This story was updated on Oct. 7 at 5:30 am ET and 8:57 am ET.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Permissionless is a conference for founders, application developers, and users. Come meet the next generation of people building and using crypto.

recent research

Research Report Templates (1).png

Research

Solana Mobile is a highly ambitious foray into the mobile consumer hardware market, seeking to open up a crypto-native distribution channel for mobile-first applications. The market for Solana Mobile devices has demonstrated a phenomenon whereby external market actors (e.g. Solana-native projects) continuously underwrite subsidies to Mobile consumers. The value of these subsidies, coming in the form of airdrops, trial programs, and exclusive NFT mints, have consistently covered the cost of the phone and generated positive returns for consumers. Given this trend in subsidies, the unit economics in the market for Mobile devices, and the initial growth rate and trajectory of sales, it should be expected that Solana mobile can clear 1M to 10M units over the coming years. As more devices circulate amongst users, Solana Mobile presents a promising venue for the emergence of killer-applications uniquely enabled by this mobile-first, crypto-native distribution channel.

article-image

Plus, breaking down Donald Trump’s shifting crypto stance

article-image

Markets are holding relatively steady despite the supply shock

article-image

Analysts are looking ahead to August, a historically volatile month made more interesting this year by the US presidential election

article-image

Plus, a look into Lighting Labs’ newest feature

article-image

Crypto’s Wild West era is over — it’s time to embrace regulation to secure the future of digital assets

article-image

Plus, Solana has now surpassed Ethereum in trailing 30-day decentralized exchange volume