The world’s largest cryptocurrency exchange, Binance, got hacked, and hackers made off with more than $100 million. In a blog post on Friday, the BNB Chain team said that a total of 2 million BNB, worth about $568 million, were initially withdrawn by the hackers. But blockchain security company SlowMist says the attacker only managed to take about $110 million because the majority of the stolen tokens, worth about $430 million, couldn’t be transferred following the suspension of the BNB Chain.
Cross-chain bridge hacks have become a common occurrence in the past year. In June, a hacker exploited a vulnerability to steal $100 million from Harmony’s Horizon Bridge, and in August, attackers drained $190 million worth of crypto from the Nomad cross-chain bridge. So far this year, about $2 billion in cryptocurrency has been stolen in cross-chain bridge hacks, according to blockchain data firm Chainalysis. Hackers stole $625 million following the attack on Axie Infinity’s Ronin Bridge in March.
The Binance blockchain, also known as BNB Chain and Binance Smart Chain, took the rare step of suspending transactions and fund transfers after discovering a vulnerability affecting the BSC Token Hub cross-chain bridge. These bridges are designed to facilitate the transfer of assets from one independent blockchain to another.
The vulnerability in the BSC Token Hub bridge allowed the attacker to forge messages, enabling them to mint new BNB tokens. Since the stolen tokens were not preexisting tokens taken from wallets, no user funds were impacted.
“The company estimates the impact of the breach to be between $100 million and $110 million. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly,” said Zhao.
When approached for comment, Binance spokesperson Ismael Garcia declined to comment beyond the blog posted by the BNB Chain team, which says that the BNB Chain is now back up and running. The blog post adds that a new on-chain governance mechanism will be introduced on the BNB Chain to fight and defend against future possible attacks.
“The bug itself lies in how Binance Bridge processes the proofs of transactions sending the money from one chain to another,” Adrian Hetman, tech lead of the Triaging Team at Immunefi, a web3 bug bounty program provider, told TechCrunch. “The logic checks the message proof, something a user submits, and proceeds with the payout if the proof is valid.”
“The hacker managed to forge such a message that it tricked the logic of the contract into thinking the message was indeed valid, even though the hacker didn’t have valid claims to the funds. BSC Token Hub then proceeded with the payout as everything was valid,” said Hetman.
Writer & Editor: Ravikant Upadhyay (+91.8085883358)(Entrepreneur, Programmer, Trader, Investor, Writer, Reporter, Thinker, Mentor, Astrophile)