Binance Smart Chain halted over $100M cross-chain bridge exploit

As per CoinMarketCap data, since the news of the exploit, BNB, BSC's native token, has dropped by almost 4% since the opening hours.

Friday October 07, 2022 , 2 min Read

Transactions on Binance Smart Chain (BNB Chain), the blockchain of crypto exchange Binance, was halted on Friday due to an exploit on its cross-chain bridge, with hackers making off with cryptocurrency worth an estimated $100 million.

The BNB Chain developer on Reddit confirmed the update on the exploit saying, "Initial estimates for funds taken off BSC (Binance Smart Chain) are between $100M - $110M. However, thanks to the community and our internal and external security partners, an estimated $7M has already been frozen."

At 3:49 AM (IST), BNB Chain announced on its Twitter account stating that it would halt deposits and withdrawals amid growing concerns over a hack of the network's official cross-chain bridge.

Due to irregular activity we're temporarily pausing BSC. We apologize for the inconvenience and will provide further updates here.

Thank you for your patience and understanding.
— BNB Chain (@BNBCHAIN) October 6, 2022

Changpeng Zhao, CEO of Binance, took to Twitter to confirm the exploit and shared the details on the hack.

An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.
— CZ 🔶 Binance (@cz_binance) October 6, 2022

According to reports by blockchain security firm SlowMist, the exploit allowed hackers to get away with over $570 million in digital assets, including Ethereum, Polygon, BNB Chain, Avalanche, Fantom, Arbitrum and Optimism.

Over half a BILLION dollars worth of $BNB was recently hacked.

The hacker is now trying to spread the funds to every network to launder the funds. pic.twitter.com/LT5rRnIHWe
— SlowMist (@SlowMist_Team) October 6, 2022

Sam Sun, a researcher at Paradigm, took to Twitter to analyse the hack. As per his analysis, the hacker convinced Binance Bridge to send out 1 million BNB tokens. When it worked, the hacker used the same exploit to have another 1 million BNB tokens sent to an address they controlled.

In summary, there was a bug in the way that the Binance Bridge verified proofs which could have allowed attackers to forge arbitrary messages. Fortunately, the attacker here only forged two messages, but the damage could have been far worse
— samczsun (@samczsun) October 7, 2022

As per CoinMarketCap data, since the news of the exploit, BNB, BSC's native token, has dropped by almost 4% since the opening hours.

(This article was updated to correct a typo.)

Edited by Swetha Kannan

Advertise with us