Hacker steals $566 million worth of crypto from Binance Bridge

By Lawrence Abrams
October 6, 2022 08:30 PM

This article was updated on 10/7/22 with further information.

Hackers have reportedly stolen 2 million Binance Coins (BNB), worth $566 million, from the Binance Bridge.

Details are scant at the moment, but the attack appears to have started at 2:30 PM EST today, with the attacker's wallet receiving two transactions [1, 2], each consisting of 1,000,000 BNB.


Soon after, the hacker began spreading some of the funds across a variety of liquidity pools, attempting to transfer the BNB into other assets.

Hacker converting stolen BNB into other assets
Source: @0xfoobar on Twitter

Binance acknowledged the security incident at 6:19 PM EST and paused the BNB Smart Chain while they investigated the incident.

At 7:51 PM EST, the CEO of Binance tweeted that an exploit was used in the BSC Token Hub to transfer the BNB to the attacker and that they had asked all validators to suspend the Binance Smart Chain.

"An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB," tweeted Binance CEO Changpeng Zhao.

"We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly."

While the majority of the stolen funds remain on the BNB Smart Chain, and are now inaccessible to the hacker, Binance estimates that between $70M - $80M were taken off-chain.

Working with partners in the cryptocurrency community, $7 million of those off-chain assets have already been frozen.

Update 10/7/22:


At approximately 2:30 AM EST Friday, Binance again resumed the BNB Smart Chain (BSC) and enabled deposits and withdrawals on Binance.

In a further update on Binance.com, the company apologized to the community for the attack and thanked partners and validators for their swift response.

While Binance says they will provide a postmortem with further details in the future, they confirmed that 2 million BNB was stolen using an exploit on the BSC Token Hub.

"There was an exploit affecting the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as “BSC Token Hub”," reads an update posted to Binance's website.

"A total of 2 million BNB was withdrawn. The exploit was through a sophisticated forging of the low level proof into one common library."