What experts are calling “either the first or second biggest hack of all time” may have just taken place.
Today, the Binance blockchain, also known as the BNB Chain and the Binance Smart Chain, was shut down after a rise in “irregular activity” revealed a potential network vulnerability.
According to the official BNB Chain Twitter account and Binance’s CZ, the chain is “temporarily suspended” as a result of the recent exploit affecting Binance’s signature Binance Smart Chain.
According to blockchain security company SlowMist, the breach allowed attackers to make off with more than $570 million in digital assets, including Ethereum, Polygon, BNB Chain, Avalanche, Fantom, Arbitrum, and Optimism.
The attacker was spreading funds across liquidity pools and using whatever bridges they could to move to safer networks. The final total value of the hack is still unknown, and it now depends on how frozen versus moved tokens are valued. Early indications after the hack point to 2M BNB, or more than $500M at the time of posting, passing through the Binance Bridge.
Sam Sun, a researcher at Paradigm (who posted a close analysis of the hack in a thread), says that the hacker convinced the Binance Bridge to send 1 million BNB tokens. When that succeeded, the hacker used the same attack to send another 1 million BNB tokens to an address they controlled.
According to @0xfoobar, this hack is comparable to the most recent Ronin and Harmony Cross-Chain Horizon Bridge exploits. “Ronin was a private key exploit, and [Harmony Bridge] was broken cryptography—the precise methodology differs slightly, but the underlying concepts of broken cryptographic verification are the same.” Broken proof verification makes it possible for hackers to create false communications, he said.
BNB Chain Statement
In a statement made at 10:20 p.m. EDT, BNB Chain stated that between $70 million and $80 million had been taken from the Binance Smart Chain but claimed that $7 million in assets had been stopped before they could be transferred.
“All systems are now contained, and we are immediately investigating the potential vulnerability,” the group tweeted. “We know the Community will assist and help freeze any Transfers.” BNB Chain reassured the community that “all money is safe.”
Later, Binance CEO Changpeng Zhao updated the community, stating that “the current effect estimate is roughly $100m USD equivalent” and directing readers to a Reddit thread where the business gave further technical information.
Zhao said that there was an “exploit on a cross-chain bridge, BSC Token Hub, which resulted in excess BNB.”
Binance Bridge Is Powerless To Escape The “Bridge Problem”
Bridges frequently appear to be one of the most significant weak points in crypto. Moving assets from one chain to another adds a layer of complexity that has proven to be challenging.
Early reports indicate that the tokens were not taken from users, but were instead tokens that had never existed before the attack.
Criticism of Stopping The BSC Chain
BSC representatives went on to say that they “worked with validators to temporarily suspend BSC,” which drew criticism of the chain’s level of centralization. Although Binance CEO Changpeng Zhao has reassured holders that their funds are safe, there is still a lot to unpack here. It appears that today’s hack is the second largest in history.