BNB Chain Resumes Activity After 2 Million Token Exploit
Have they tried turning it off and on again?
Binance’s BNB Chain is back up and running this morning after reports indicated a hacker made off with an estimated 2 million BNB tokens by exploiting a vulnerability in the network.
“BNB Smart Chain (BSC) is running ok from 20+ mins ago. The validators are confirming their status, and the community infrastructure are upgrading as well,” tweeted the official BNB Chain account.
At the time of the exploit, this sum came out to roughly $586 million, which would have made it the second-largest in crypto’s history.
However, security firm SlowMist said the hacker only managed to get away with roughly $110 million. That’s because the majority of the stolen tokens, or $430 million worth, couldn’t be transferred off the BNB chain following the chain’s suspension last night, the firm said.
Binance CEO Changpeng “CZ” Zhao last night tweeted that the “current impact estimate is around $100m USD equivalent.”
The BNB Chain team said on a Reddit update that around $7 million was frozen following “coordination from the community and internal and external security partners.”
Based on SlowMist’s analysis, stablecoin provider Tether was responsible for freezing roughly 6.5 million of its dollar-pegged USDT tokens.
Since the $BNB Chain was suspended, the ~$430M on it cannot be transferred any further. In total, over $110M was moved off the BNB ChainFrozen: ~6,5M $USDTSupplied to lending pools: ~$37.5M Borrowed: ~$16.5MStill have access to: $83.3M — SlowMist (@SlowMist_Team) October 7, 2022
BNB Chain and CZ assured token holders that “all funds are safe,” as the stolen funds were not taken from wallets, but instead newly created by the attacker.
“An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe,” tweeted CZ.
BNB Chain exploit
The BNB network was paused last night after detecting a spike in “irregular activity.”
The network initially announced a pause on the network at around 9 pm EDT before halting it completely 15 minutes later.
Sam Sun, a researcher at Paradigm, said the hacker managed to exploit a vulnerability in the Binance Bridge to send themselves one million BNB tokens—twice. “Either Binance was finally running the biggest giveaway that Web3 had ever seen, or the attacker had found a critical bug,” said the researcher.
The answer was that the attacker had somehow convinced the Binance Bridge to simply send them 1,000,000 BNB. Twice. — samczsun (@samczsun) October 6, 2022
The hack comes on the heels of the massive $160 million stolen from algorithmic market maker Wintermute two weeks ago. Crypto analysis firm Chainalysis also reported $1.9 billion worth of hacks for the period ending in July, an increase of almost 60% over last year’s numbers.Source