https://gulfcrypto.ae/news/binance-smart-chain-halted-over-potential-exploit-100-million-taken-off-chain/
Transactions on Binance's blockchain were stopped today after a spike of “irregular activities” was detected as a potential exploit.
In its initial announcement, BNB Chain posted a tweet at 9:19 EDT stating that there would be a temporary suspension of the BSC network. The network pause became a halt at 9:35 PM EDT.
“All systems are now contained, and we are immediately investigating the potential vulnerability,” the group tweeted. “We know the Community will assist and help freeze any transfers.”
SlowMist, a blockchain security firm, said that the exploit allowed cybercriminals to obtain more than $570 million in digital assets, including Ethereum, Polygon, BNB Chain, Avalanche, Fantom and Arbitrum.
“The attacker is spreading funds across liquidity pools and utilizing every bridge to get to a safer chain,” said blockchain developer and Twitter user @0xfoobar, tweeting that there was “complete chaos in the chain.”
This hack had the potential of being “either the largest or second most important hack of all time,” @0xfoobar told Decrypt via direct message, though the real impact will be significantly less given the mitigation efforts undertaken by the community.
The hack’s final value is still unknown. It varies depending on how the value of transferred and frozen tokens is accounted for.
BNB Chain gave assurances that “all funds were safe.” The attacker created the BNB tokens entirely from scratch and did not steal them from wallets.
Sam Sun, a Paradigm researcher, claims that the hacker convinced Binance Bridge to send 1 million BNB tokens. The hacker used the same exploit to send 1 million BNB tokens to another address that they controlled.
BNB Chain stated that it had frozen $7 million of assets before they could be transferred. However, it acknowledged that $70 million to $80 million of Binance Smart Chain’s assets were allegedly stolen.
The group also acknowledged the efforts made by security personnel and Binance residents, and thanked a number of node providers “for their quick, decisive actions.”
Binance CEO Changpeng Zhao later posted an update pointing to a thread on Reddit where the company provided more technical details and saying that “the current impact estimate is around $100m USD equivalent.”
Zhao explained, “An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB.”
This hack is similar in nature to the recent Ronin and Harmony Horizon Bridge cross-chain exploits, @0xfoobar tells Decrypt. “Ronin was a private key operation. [Harmony Bridge] was broken cryptography—the exact methodology differs a bit, but same general principles of broken cryptographic verification.”
He explained, “Broken proof verification allows hackers to forge arbitrary texts.”