Hackers steal over $100 million from BNB Chain in an exploit

What’s new? On October 7, the BNB Chain network, developed by the Binance cryptocurrency exchange, faced a hack attack, as a result of which the attackers managed to withdraw more than $100 million in cryptocurrency. The attack was carried out by hacking into the BSC Token Hub bridge. The platform’s representatives have already frozen about $7 million of the stolen funds.

An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.— CZ 🔶 Binance (@cz_binance) October 6, 2022

What else is known about the incident? BSC Token Hub is a cross-chain bridge that enables token transfers between BNB Beacon Chain and BNB Smart Chain.

According to Binance CEO Changpeng Zhao, hackers managed to exploit the vulnerability, resulting in extra BNB tokens and the opportunity to conduct a double-spending attack. The exchange’s team asked validators to suspend Binance Smart Chain to solve the problem.

At the moment, the network is stopped, and the problem is localized. Representatives of the company published a code update for validators, which is designed to block the hacker’s accounts and freeze the transfer of stolen assets.

What is BNB Smart Chain? It is the world’s largest blockchain by the number of transactions and users, created by Binance in 2022. More than 1300 decentralized applications (dApps) are built on the platform. The network has the native token, BNB. In June, BNB Chain announced an increase in decentralization and the capacity of the blockchain, as well as an increase in the number of validators.

As of October 7, 08:00 UTC, BNB is trading at $285,1, having dropped by 3,55% per day.

In September, the DeFi protocol of Wintermute, a market maker, was subjected to a hacker attack, which resulted in the loss of about $160 million in cryptocurrency. Cybersecurity expert James Edwards said that a member of the project’s team may have been behind the hack. He came to this conclusion after analyzing the smart contract code.