Transactions on the Binance Smart Chain were halted early on October 8 after an exploit was discovered on its cross-chain bridge, BSC Token Hub. According to initial estimates, hackers seem to have gotten away with between $100 and $110 million in stolen funds. Changpeng Zhao (CZ), CEO and co-founder of the Binance Network, took to Twitter to confirm the exploit and reassure users that their funds were safe.
"An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly," read CZ's tweet.
An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.
— CZ 🔶 Binance (@cz_binance) October 6, 2022
According to Sam Sun, head of security at Paradigm, the hacker managed to trick the Binance Bridge into sending out 1 million BNB tokens. After the exploit worked, the hacker used the same method to send out an additional 1 million BNB tokens, this time to an address they controlled.
Also Read
The 2 million BNB tokens would be worth more than $540 million, making it one of the largest exploits in crypto history. Blockchain security firm SlowMist confirmed the figure in a tweet and stated that the misappropriated assets included ETH, MATIC, BNB, AVA and other tokens. "Over half a BILLION dollars’ worth of $BNB was recently hacked. The hacker is now trying to spread the funds to every network to launder the funds," read the tweet from SlowMist.
Fortunately, the actual extent of the hack is estimated to be considerably less, thanks to the mitigation and containment efforts undertaken by the community. Network validators were also asked to temporarily suspend transactions on BSC, thwarting the hacker's efforts to transfer funds off-chain.
According to the official blog post, the hacker was only able to transfer between $100M - $110M off-chain, of which "an estimated $7M has already been frozen." But perhaps the biggest relief is that the stolen tokens did not belong to BSC users; instead, they were entirely created by the attacker.
This is the third attack on cross-chain bridges in 2022. Prior attacks saw $650 million and $100 million syphoned from the Ronin and Horizon bridges, respectively. As such, these cross-chain applications have drawn a lot of flak from the community. Even Vitalik Buterin, the co-founder of Ethereum, questioned "the fundamental security limits of bridges," saying that he was "pessimistic about cross-chain applications."
Crypto crime, in general, is also on the rise. Hackers have already managed to syphon $1.9 billion worth of cryptos in the first half of 2022, according to Chainalysis' Mid-year Crypto Crime Update. This is up from the $1.2 billion worth of tokens stolen during the same period last year. However, crypto is still a developing industry and hopefully, with proper measures in place, such attacks can be minimized in the future.
(Edited by : Jerome Anthony)
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
Telangana CM violated poll code, defer Rythu Bharosa payment, says Election Commission
May 7, 2024 9:01 PM
Lok Sabha Election 2024: How Indian political parties are leveraging AI
May 7, 2024 6:59 PM