After $100M Exploit, BNB Chain Shut Down Its Network
After an attack on Binance’s cross-chain bridge on October 6 resulted in the theft of an estimated $100 million worth of cryptocurrency, the cryptocurrency exchange’s BNB Chain blockchain was temporarily shut down.
The BNB Chain’s official Twitter account first stated that the temporary halt was being implemented owing to suspicious behavior on the blockchain, but then clarified that it was being implemented due to a probable exploit. After announcing that the blockchain was “under maintenance,” Binance temporarily halted all incoming and outgoing transactions.
They stated that they had temporarily disabled BSC after discovering a security hole. They had successfully isolated the problem and were looking into the security hole. The support team also added that they had faith that the community would step up and help them stop any suspicious financial transactions. They assured the customers that all the funds were completely secure.
Twitter users initially speculated that a major breach had occurred on the network, with on-chain analytics suggesting that two million BNB, the chain’s native token, had been stolen, a sum worth over $600 million.
After some time, a BNB Chain engineer updated Reddit to confirm that the exploit had occurred, saying that initial estimates put the worth of the exploit between $100 million and $110 million, with about $7 million frozen.
Although “extra BNB” were created as a result of the hack on the BSC Token Hub, BNB Chain has informed its users that their assets are secure and the issue is being investigated.
Before the official notifications were made, Twitter users conducted preliminary on-chain analyses showing that the attacker had claimed a one million BNB incentive through the token hub and deposited the remainder into the decentralized finance (DeFi) lending platform Venus Protocol.
Before the BNB Chain was halted, they used cross-chain bridges to borrow $150 million worth of stablecoins, which they then exchanged for Ether, Phantom Protocol tokens, and Polygon.
Before the bnb chain halt, attacker successfully transferred:
≈ $57M to Fantom
≈ $53M to Ethereum
≈ $400k to Polygon
The 6th of October, 2022, as tweeted by Hacken (@hackenclub).
The hacker used Stargate Protocol, another cross-chain bridge supplier, to launder another million BNB.
DeFi platform Vesper Finance’s strategy lead Zane Huffman estimated the attacker stole around $100 million from an initial hack of almost $600 million, an amount later provided by Zhao.
@jeffthedunker explained how they would process the funds. It is likely that the next steps of the attackers will be to transfer ETH back to the mainnet via the bridges and then tornado. About $45 million worth of Ethereum can be found on the mainnet, while another $20 million can be found on the bridges (Avalanche and Fantom official). They could get as much as $100 million in overcollateralized ETH loans.
Huffman also noted that the attacker has digital assets worth more than $400 million blocked on the BNB Chain, with more funds perhaps stuck in cross-chain bridges on the BNB blockchain.
Tether, a stablecoin service, has also banned the address linked to the bug.