Last night, a hacker managed to steal 2 million BNB tokens (more than $560 million) from the BSC Token Hub, the bridge used to transfer cryptocurrencies between the BNB Beacon Chain and the BNB Smart Chain. Part of the funds were frozen, but the hacker still managed to keep the equivalent of 100 million dollars on different blockchains.
BNB Chain saved by Binance and validators
Early at night, block production has been halted on Binance’s blockchain, the BNB Chainfollowing the exploitation of the BSC Token Hub bridge which could have cost over $560 million.
Due to irregular activity we’re temporarily pausing BSC. We apologize for the inconvenience and will provide further updates here.
Thank you for your patience and understanding.
—BNB Chain (@BNBCHAIN) October 6, 2022
“We are temporarily suspending the BNB Smart Chain following abnormal activity. We apologize for the inconvenience and will keep you posted here. Thank you for your patience and understanding. »
The first suspicions of hacking were issued by Zane Huffmanhead of strategy for decentralized finance (DeFi) platform Vesper Finance, on Twitter:
Some gigawhale (possibly Binance) is making a massive on-chain leverage play in real-time.
Looks like a huge concentrated bet: Long $ETH vs stablecoins using $BNB collateral.https://t.co/5GFCv8AEzR
— GREEN JEFF (The Bread #9) (@jeffthedunker) October 6, 2022
Indeed, after only 2 transactions, an unknown wallet transferred more than 2 million BNB tokens (over $560 million) on different blockchains and different protocols. At that time, it was impossible to know if the movements were the acts of a whale or if it is indeed a hack.
After multiple investigations, the BNB Chain teams confirm that the shutdown of the blockchain is due to a hack on the cross-chain bridge BSC Token Hubwhich is used to transfer tokens between the BNB Beacon Chain (BEP2) and the BNB Smart Chain (BEP20 or BSC).
Although the hacker transferred some of the stolen cryptocurrencies, 80% of the funds (~430 million dollars) remained on the BNB Chain, the majority of the funds were therefore frozen following the shutdown of the blockchain. The network has been updated with additional code to prevent the hacker from being able to transfer their funds.
At the time of writing these lines, BNB Smart Chain is restarted and block production has resumed.
Note that many people have not failed to criticize the speed at which the blockchain could be shut down, sign of a certain centralization of the blockchain due to its reduced number of validators.
👉 Find 7 best practices to protect your cryptocurrency portfolio from a hack
How did the hacker do it?
At present, the methodology used by the hacker has not yet been confirmed via a post mortem official, but according to @samczsuna researcher at Paradigm, he would have exploited the code of the BSC Token Hub to “convince” him to transfer 1 million BNB tokens to him twice.
Either Binance was finally running the biggest giveaway that Web3 had ever seen, or the attacker had found a critical bug
— samczsun (@samczsun) October 6, 2022
“Either Binance has decided to launch the biggest airdrop Web3 has ever seen, or the hacker has found a critical flaw. »
Without going into details, the Binance bridge must verify certain information when a request is sent to it to transfer cryptocurrencies, and the hacker would have found a way to bypass these checks.
“In summary, there was a bug in how Binance Bridge checked evidence, which could have allowed attackers to tamper with arbitrary messages. Fortunately, the attacker only tampered with two messages, but the damage could have been much worse. »
Once the first million BNB tokens are in his possession, the hacker deposited them on the DeFi Venus Finance protocolin particular to borrow $150 million of stablecoins (USDC, USDT, BUSD) before swapping them to obtain $53 million in the form of Ether (ETH), $57 million in the form of PHM tokens and finally $400,000 in the form of MATIC tokens.
The other million BNB tokens obtained were sent in full to the Stargate bridge.
Overview of the hacker’s wallet on the different blockchains
Thus, at this stage, all of the funds held by the hacker on the BNB Chain have been frozen, and Tether has blacklisted his address. It remains to be seen what he intends to do with his funds held on other blockchains.
The price of the BNB token was only slightly affected, however.. Indeed, following a fall, however impressive in the short term, the token stabilized around 285 dollarsa difference of 8 dollars with its initial price of 293 dollars before the wind of panic.
👉 Read also – A market maker suffered a $160 million hack and is open to negotiations
Newsletter 🍞
Receive a summary of crypto news every Monday by email 👌
What you need to know about affiliate links. This page presents assets, products or services relating to investments. Some links in this article are affiliated. This means that if you buy a product or register on a site from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus by using our links.
Investments in cryptocurrencies are risky. Cryptoast is not responsible for the quality of the products or services presented on this page and could not be held responsible, directly or indirectly, for any damage or loss caused following the use of a good or service highlighted in this article. Investments related to crypto-assets are risky by nature, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.
Passionate about the world of decentralized finance and the novelties brought by Web 3.0, I write articles for Cryptoast to help make the blockchain more accessible to everyone. Convinced that cryptocurrencies will change the future very soon.
Maximilien Prue
404 items
