Binance’s Crypto Dips on Heels of Confirmed Exploit on BNB Chain

UPDATED: The hacker successfully extracted around $100 million before being shut down

by Sebastian Sinclair /
article-image

Source: DALL·E

share

key takeaways

  • Early indications are that Binance’s network has been hacked for hundreds of millions of dollars
  • According to on-chain analysis by Blockworks’ Research, the attacker, or attackers, have managed to “bridge out” to several other chains, including Avalanche and Polygon

Binance’s network, BNB Chain, has been hacked for potentially hundreds of millions of dollars in what the cryptocurrency exchange initially dubbed a “potential exploit” of a cross-chain bridge and later confirmed, promising a full post-mortem.

Binance on Twitter said it had paused its network, sending the price of Binance Coin (BNB) lower on the news, as the cryptoasset changed hands for as little as $279 by 7:50 pm ET. By Friday morning, the price had recovered to around $285, according to data compiled by Blockworks.

“An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly,” Binance CEO Changpeng Zhao later confirmed via Twitter.

BSC Token Hub is the bridge between BNB Beacon Chain (BEP2) and BNB Chain (BEP20 or BSC). Binance had earlier said it was temporarily pausing its chain due to “irregular activity.”

Eagle-eyed Twitter users appeared to be the first to identify roughly two million BNB — more than $566 million — that had been transferred to an apparent attacker’s address who has so far managed to bridge out somewhere in the neighborhood of $110 million.

In a post on Reddit at around 7:15 pm ET, Binance thanked node service providers for their “quick and attentive response.”

Those providers include Hash, Neptune, TW Staking, BSCScan, Legend, CertiK, Figment, NodeReal, Namelix, Defibit, Fuji, InfStones, MathWallet, Pexmons, Ankr, BNB48 Club, Avengers, Tranchess and Coinbase Cloud.

Stewards of BNB Chain are now requesting BSC Validators to get in touch with them over the next few hours to plan a node upgrade.

Total losses could prove to be much less

The wallet address, confirmed by Ryan West, a Blockworks’ Research analyst, shows the wallet has transferred roughly $53 million of BNB to ether (ETH), plus $48 million to the Fantom blockchain, as well as additional funds to the Avalanche, Optimism and Polygon protocols.

“Thanks to the community and our internal and external security partners, an estimated $7M has already been frozen,” Binance tweeted shortly after advising users of the exploit.

The same wallet belonging to the attacker is blacklisted from Tether, per West.

Roughly $433 million, 80% of the total, remained on the BNB Chain a few hours after the stock market’s closing bell in New York, cybersecurity firm Halborn told Blockworks. Counting these funds, it would mark the industry’s second-largest hack, following the Axie Infinity Ronin Bridge exploit in March for $625 million.

According to on-chain analysis, the attacker used the cross-chain bridge protocol Stargate to transfer out. Binance representatives did not immediately return a request for comment.

BNB Chain, via Twitter, puts the loss — funds moved off of the halted BNB chain — at between $70 million and $80 million.

Understanding the mechanics of the exploit

Paradigm researcher Sam Sun, better known as @Samczsun on Twitter, published a detailed analysis of the exploit explaining how the attacker manipulated a bug in the Binance Bridge.

Loading Tweet..

“The threat actor did not need any inside information in order to effectuate this attack,” David Schwed, chief operating officer at Halborn, told Blockworks via Telegram, adding “all information required to exploit was publicly available.”

Next steps for BNB community

BNB Chain posted an update at around 5 am ET, calling the exploit “a sophisticated forging of the low level proof into one common library.”

Although the BNB Chain is paused, the bug remains active and will need to be fixed before full service can be restored.

The blog post calls for an on-chain governance vote to assess the next steps in four areas:

  1. What to do with the hacked funds — freeze or not to freeze?
  2. Whether to use BNB auto-burn to cover the remaining hacked funds, or not?
  3. A whitehat program for future bugs found, $1 million for each significant bug found.
  4. A bounty for catching hackers, up to 10% of the recovered funds.

To safely enable such a vote, the “validator voting function for general opinions will be switched on in the next few days via an upgrade of BNB Beacon Chain,” the post said.

No specific timeline is set for reactivation of the chain.

The simple fact that the BNB Chain could be halted in this manner calls into question the decentralization of the project, which has only 26 active validators. BNB Chain acknowledged the concern, but portrayed it as a strength.

“Decentralized chains are not designed to be stopped, but by contacting community validators one by one, we were able to stop the incident from spreading,” they said, adding “This delayed closure, but we were able to minimize the loss.”

Macauley Peterson contributed reporting.

This story was updated on Oct. 7 at 5:30 am ET and 8:57 am ET.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Tags

Upcoming Events

Permissionless III

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

learn more

recent research

Avail.jpg

Research

Avail: A Unification of Crypto Infrastructure

Data publishing costs have historically been a bottleneck for rollups, and as more rollups launch, interoperability will continue to be a major challenge. Avail presents a potential solution to rollup fragmentation through its three products: Avail DA, Nexus, and Fusion, which together aim to unify the web3 experience.

by Ren Yu Kong

/

news

article-image

DeFi

What’s behind Celo’s pivot to Ethereum?

Celo’s layer-2 will aim for a summer 2024 testnet

by Jack Kubinec /
article-image

Op-Ed

The risks of restaking are extremely overrated

Like any new idea, restaking protocols will need a long break-in period to ensure their technical safety — but that’s doesn’t mean they’re not extremely promising

by Adam Efrima /
article-image

DeFi

Stacks Nakamoto upgrade unfolds a new era for the Bitcoin L2

The Nakamoto upgrade will enhance transaction throughput and enable Bitcoin finality for layer-2 transactions

by Bessie Liu /
article-image

DeFi

Bitcoin memecoins pushed fees higher than block rewards for first time

Miners may not have even noticed the halving took place over the weekend, with fees largely making up the difference so far

by David Canellis /
article-image

Business

Hut 8’s business diversity to give it an edge after the halving: Benchmark  

Research analyst Mark Palmer starts coverage of the bitcoin miner and puts its price target 50% higher than its current level

by Ben Strack /
article-image

Web3

Empire Newsletter: Bitcoin’s turn for memecoin mania

Runes, crypto taxes and Binance’s execs stuck in Nigeria

by David Canellis&Casey Wagner&Katherine Ross&Michael McSweeney /