Ultimate magazine theme for WordPress.

Binance Smart Chain halted due to “potential exploitation”, $100 million withdrawn from chain

Transactions on the Binance blockchain, also known as BNB Chain and Binance Smart Chain, were halted today after a potential exploit on the network was discovered through a spike in “irregular activity”.

The initial announcement was posted on Twitter by BNB Chain at 9:19 p.m. EDT, stating that there would be a temporary pause on the BSC network. However, at 9:35 p.m. EDT, the network pause came to a halt.

“All systems are now contained and we are immediately investigating the potential vulnerability,” the group tweeted. “We know the community is helping and will help freeze all transmissions.”

According to blockchain security firm SlowMist, the exploit enabled cybercriminals to get away with over $570 million worth of digital assets, including Ethereum, Polygon, BNB Chain, Avalanche, Fantom, Arbitrum, and Optimism.

“The attacker is spewing funds out via liquidity pools and using every possible bridge to get to safer chains,” tweeted blockchain developer @0xfoobar, adding that there was “a complete mess on the chain.”

This hack had the potential to become “either the first or second biggest hack of all time,” said @0xfoobar Decrypt via direct message, although the real impact will be significantly smaller given the mitigation efforts being made by the community.

The final total value of the hack has yet to be determined and currently varies based on how to account for the value of frozen and transferred tokens.

BNB Chain assured the community that “all funds are safe”. The BNB tokens were not pre-existing tokens stolen from wallets, but entirely created by the attacker.

According to Sam Sun, a researcher at Paradigm, the hacker somehow convinced the Binance Bridge to send 1 million BNB tokens. When it worked, the hacker used the same exploit to send another 1 million BNB tokens to an address he controlled.

As of 10:20 p.m. EDT, BNB Chain said $7 million in assets had been frozen before they could be transferred, but acknowledged that between $70 million and $80 million were stolen from Binance Smart Chain had been.

Initial estimates for the funds withdrawn from BSC range from $70 million to $80 million.

However, thanks to the community and our internal and external security partners, an estimated $7 million has already been frozen

1/2

— BNB Chain (@BNBCHAIN) October 6, 2022

The group acknowledged the efforts of the Binance community and security personnel, and separately thanked a number of node providers “for their quick and decisive action.”

Binance CEO Changpeng Zhao later released an update that referenced a thread on Reddit where the company provided more technical details, saying that “the current estimate of the impact is around $100 million.”

“An exploit on a cross-chain bridge, BSC Token Hub, resulted in additional BNB,” Zhao explained.

This hack is similar to recent Ronin and Harmony cross-chain Horizon Bridge exploits, @0xfoobar tells Decrypt. “Ronin was a private key exploit, [Harmony Bridge] was broken cryptography – exact methodology differs a bit, but same general principles of broken cryptographic verification.”

“Broken Proof Verification lets hackers forge random messages,” he explained.

Stay up to date on crypto news and receive daily updates in your inbox.

Learn Crypto Trading, Yield Farms, Income strategies and more at CrytoAnswers
https://nov.link/cryptoanswers

Comments are closed.

%d bloggers like this: