‘Your funds are safe’: Binance’s BNB Chain hits pause as news of huge hack dips BNB token
Binance today announced a halt to the operation of its BNB Chain after a reportedly large DeFi (decentralised finance) exploit to the tune of about US$100 million.
Crypto Twitter was abuzz this morning (AEDT) regarding the issue, with initial estimates even pointing to a loss of more than US$560 million in stolen BNB, which is the Binance blockchain’s governance token and a top 5 crypto.
Thankfully, although the loss is still significant, the damage appears to be nowhere near as severe as first thought.
Here is one such tweet, posted when the news first hit Crypto Twitter by researcher @samczsun of the crypto/web3 investment firm Paradigm…
Five hours ago, an attacker stole 2 million BNB (~$566M USD) from the Binance Bridge. During that time, I've been working closely with multiple parties to triage and resolve this issue. Here's how it all went down.
— samczsun (@samczsun) October 6, 2022
And here’s one of his updates:
In summary, there was a bug in the way that the Binance Bridge verified proofs which could have allowed attackers to forge arbitrary messages. Fortunately, the attacker here only forged two messages, but the damage could have been far worse
— samczsun (@samczsun) October 7, 2022
Meanwhile, the well-known Binance CEO Changpeng Zhao, aka “CZ”, has, of course, been tweeting out his clarifications, and estimated the current loss of BNB at US$100m, which he described as “about a quarter of the last BNB burn”.
BNB has an in-built, supply-reducing mechanism designed to make the token a deflationary asset over time, with the overall aim to reduce the coin’s total supply by 50% in the long term.
CZ also assured BNB holders that “your funds are safe” and that “the issue is contained”.
An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.
— CZ 🔶 Binance (@cz_binance) October 6, 2022
The current impact estimate is around $100m USD equivalent, about a quarter of the last BNB burn.
— CZ 🔶 Binance (@cz_binance) October 7, 2022
At the time of writing, there’s been plenty of speculation surrounding the attack and full details aren’t yet clear. However, it appears to have been a cross-chain bridge hack, which is the sort of vulnerability that’s been a bane for the crypto world for the best part of a year.
Several cross-chain bridging exploits have siphoned billions from the space – including US$2 billion in 2022 alone, according to a recent Chainalysis report.
In his Twitter thread (see further above), @samczsun details that the BSC Token Hub bridge was exploited in a way that resulted in it sending the hacker BNB (originally thought to be two transactions of 1 million BNB each). It also seems that the tokens were not already in existence, but were created, or freshly minted, as a result of the exploit.
BNB Chain’s team meanwhile confirmed on Reddit that the estimate for the exploit loss is around US$100 to $110 million.
“Initial estimates for funds taken off BSC are between $100M – $110M,” the Reddit post noted. “However, thanks to the community and our internal and external security partners, an estimated $7m has already been frozen.”
The BNB token is currently down about 4% on the exploit news. At the time of writing, the BSC blockchain is still paused.
Stockhead has sought some further clarification from Binance (and Binance Australia) regarding the situation and will update this article when we know more.