Binance Smart Chain Stopped Due to ‘Potential Exploit’

Transactions on the Binance blockchain, commonly known as the BNB Chain and the Binance Smart Chain, were paused today after a possible network vulnerability was discovered via an increase in “irregular behavior.”

BNB Chain posted the initial notice on Twitter at 9:19 p.m. EDT, stating that there would be a short stop on the BSC network. However, at 9:35 p.m. EDT, the network pause had turned into a complete shutdown.


“All systems are now isolated, and we are examining the possible vulnerability quickly,” the firm tweeted. “We are certain that the community will support and aid in freezing any transfers.”


According to the blockchain security firm SlowMist, the flaw enabled fraudsters to steal more than $570 million in digital assets such as Ethereum, Polygon, BNB Chain, Avalanche, Fantom, Arbitrum, and Optimism.




“The attacker is pouring cash across liquidity pools and using any bridge they can to get to safer chains,” blockchain engineer @0xfoobar tweeted, adding that the network was in “complete chaos.”



The exploit in detail


This breach has the potential to be “either the first or second largest hack of all time,” @0xfoobar told Decrypt in a direct message, although the actual damage will be substantially smaller given the community’s mitigating measures.

The total value of the hack has yet to be calculated, and it presently differs depending on how the value of frozen versus moved tokens is accounted for.

“All monies are secure,” BNB Chain told the community. The BNB tokens were not taken from wallets, but were entirely produced by the attacker.

According to Sam Sun, a Paradigm researcher, the hacker persuaded the Binance Bridge to give out 1 million BNB tokens. When it succeeded, the hacker used the same attack to send another 1 million BNB tokens to an address under their control.

By 10:20 p.m. EDT, BNB Chain had announced that $7 million in assets had been stopped before being moved, but it had also admitted that between $70 million and $80 million had been taken from the Binance Smart Chain.




The organization commended the Binance Smart Chain community and security employees for their efforts, and separately complimented a number of node providers “for their rapid and prompt steps.”

Binance CEO Changpeng Zhao then tweeted an update, directing readers to a Reddit thread where the company shared further technical details and said that “the current effect estimate is roughly $100m USD equivalent.”


“A cross-chain bridge exploit, BSC Token Hub, resulted in excess BNB,” Zhao stated.


According to @0xfoobar, this attack is comparable to the previous Ronin and Harmony Cross-Chain Horizon Bridge vulnerabilities. “Ronin was a private key attack, and [Harmony Bridge] was broken cryptography—the particular approach differed slightly, but the underlying concepts of failed cryptographic verification were the same.”

He highlighted that “broken proof verification allows hackers to fabricate arbitrary messages.”