BNB Chain, the blockchain of the Binance cryptocurrency exchange, has resumed operations after being forced to suspend them because of a vulnerability in its cross-chain bridge, through which attackers stole cryptocurrency worth around $100 million.
BNB Chain’s official Twitter account first announced a temporary outage due to “erratic activity” on the blockchain, but soon added that it was due to a possible vulnerability. Binance said the blockchain was “under maintenance,” suspending all deposits and withdrawals.
.@BNBchain is currently undergoing maintenance.
We will be temporarily suspending all deposits and withdrawals through the BNB channel until there are further updates.
We apologize for the inconvenience. Thank you for your patience!
– Binance (@binance) October 6, 2022
BNB Chain is made up of the BNB Beacon Chain and the BNB Smart Chain (BSC).
Early token movements suggest the attacker obtained up to two million BSC tokens, but actual losses might be much lower. BSC estimates that assets worth between $100 million and $110 million have been transferred off the chain, but clarified in a tweet that $7 million has already been frozen.
BNB Chain said the vulnerability, exploited on the BSC Token Hub, resulted in the creation of “additional BNB,” but assured the public that its system is under control and user funds are safe while it continues to investigate the vulnerability.
Initial analysis of the chain by Twitter users, before the official announcements, revealed that the attacker claimed a reward of one million BNB via the “Token Hub” before depositing the balance on the decentralized finance (DeFi) lending platform Venus Protocol.
Changpeng Zhao, Founder and CEO of Binance, also tweeted regarding the incident, stating that amid the network suspension, validators were asked to temporarily suspend BSC to limit issues.
An exploit on a cross-chain bridge, BSC Token Hub, resulted in additional BNB. We have asked all validators to temporarily suspend BSC. The problem is now under control. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.
– CZ Binance (@cz_binance) October 6, 2022
According to Sam Sun, a researcher at Paradigm, the attacker managed to convince Binance Bridge to send 1 million BNB tokens. When he saw it worked, the hacker used the same exploit to send another million BNB tokens to an address he controlled.
At first I thought that @VenusProtocol had been hacked once more. However, it only took seconds to determine that the attacker had actually deposited over US$200 million into Venus’s account.
Instead, I had to find out where those funds came from. pic.twitter.com/kNHp2k7aOt
– samczsun (@samczsun) October 6, 2022
Twitter users have pointed out that Tether, the largest stablecoin provider, has blacklisted the offending address, suggesting the company suspects the token movement is the result of an attack and not something more benign.
The BNB network has announced that it will conduct a series of on-chain votes that will decide whether the contested funds should be frozen. There will also be a vote on a bug bounty system to prevent future hacks.