BNB Chain Suspended After $100M Hack

The BNB Chain team has suspended the network amid the BSC Token Hub bridge hack. The hackers stole over $544 million worth of digital assets, but managed to withdraw only $100 million.

“The initial estimate of the funds withdrawn from BSC is between $100 million and $110 million. However, due to the actions of the community, as well as our internal and external security partners, regarding $7 million has already been frozen,” a Binance spokesperson said on Reddit in a statement.

BSC Token Hub is the internal cross-chain bridge of the BNB Chain ecosystem. It enables the transfer of tokens between the BNB Beacon Chain governance blockchain and the BNB Smart Chain (BSC) consensus layer.

According to Binance CEO Changpeng Zhao, the attackers took advantage of an exploit that “led to the emergence of additional BNB.” The project team asked the validators to suspend the BSC.

Update:

The BNB Chain team has published a code update. Activation of the hard fork by validators will result in:

  • blocking the attacker’s accounts;
  • freezing asset transfers between BNB Beacon Chain and BNB Smart Chain.
Update:

The developers reported that following validators confirm their status, the network “works normally”. Infrastructure upgrades are ongoing.

Zhao stressed that “the problem is contained” and user funds “are safe.” According to BscScanat the time of writing, the network does not produce blocks.

According to DeBankthe cybercriminals’ address holds digital assets worth over $544 million — 80% of the funds (~$433 million) are in the BNB Chain network and cannot be withdrawn.

Data: DeBank.

Paradigm researcher samczsun explained that a critical vulnerability in the BSC Token Hub allowed hackers to carry out a double-spend attack.

According to SlowMist, an analytics company, the attackers financed the attack from addresses belonging to the ChangeNOW cryptocurrency exchange service. After executing the exploit, they contributed 900,000 BNB to the Venus Protocol landing page to open $147 million in overcollateralized positions.

The Venus Protocol team emphasized that user funds are safe. The developers explained that the hackers would either pay off the loan and liquidity would return to previous levels, or disappear with the borrowed stablecoins and positions would be “slowly liquidated.”

Recall that in September 2022, the market maker Wintermute lost $160 million in assets as a result of a hacker attack.

Read ForkLog bitcoin news in our Telegram – Cryptocurrency news, courses and analytics.

Found a mistake in the text? Select it and press CTRL+ENTER

Leave a Replay