BNB Chain Re-Activates From Shutdown Following ‘Potential Exploit’ of $100 Million

A Massive Exploit on BNB Chain

Service on the BNB Chain ground to a halt on October 6th after an exploit on its cross-chain bridge led to attackers siphoning $100 million in cryptocurrency. As of October 7th, 06:34 UTC, the network has resumed operations, according to a tweet by BNB Chain.

On Thursday, October 6th, BNB Chain announced a temporary pause of services due to “irregular activity” on the blockchain, before clarifying that the disruption was due to “possible exploits”. The BNB Chain team later reassured users that all systems were contained, and that the potential vulnerability had been investigated.

Following the incident, blockchain security firms SlowMist and PeckShield reported the occurrence of an exploit on the chain to the tune of approximately $500 million. According to PeckShield, the attackers siphoned 2 million BNB tokens, the network’s native token, valued at nearly $570 million by exchange rates at the time of the incident.

Initially, BNB Chain disclosed that funds valued between $70 – 80 million had been stolen from the BSC network. Approximately $7 million was frozen in the wake of the attack. 

How Much Was the Actual Exploit?

According to blockchain security firm SlowMist, the attackers stole 2 million $BNB in two transactions, depositing nearly $260M on the Venus protocol, a decentralized protocol used for lending on the BNB Chain. The hacker then laundered the funds on censorship-resistant blockchains by spreading the funds across several liquidity pools, decentralized exchanges, and lending protocols.

Samczsun, a researcher at Paradigm, delved into the details of the recent exploit in a Twitter thread. It appears that the hacker somehow managed to convince the Binance Bridge to send out 1 million BNB tokens. After the initial attempt was confirmed, the hacker then used the same method to send an additional 1 million BNB tokens to an address they controlled.

“In summary, there was a bug in the way that the Binance Bridge verified proofs which could have allowed attackers to forge arbitrary messages,” Samczsun explained in the Twitter thread. “Fortunately, the attacker here only forged two messages, but the damage could have been far worse.”

All activity on the BNB Chain was swiftly frozen, thereby preventing the attacker from moving the remaining assets off-chain. However, approximately $100 million worth of tokens were moved to Ethereum, Avalanche, Fantom, and other chains, while BSC retained the remaining $430 million. 

BNB Chain later confirmed in a Reddit post that between $100 – $110 million had been removed from the network.

$BNB’s price currently stands at $285.24, down from a 24h peak of $296.03, which marks a drop in value of 3.02%. 

On the Flipside

  • BNB Chain developers affirmed through a Reddit post that all user funds were secure. The Venus Protocol confirmed the same for Venus protocol user funds. 

Why You Should Care

Hackers have stolen more than $2 billion in crypto from cross-chain bridges this year alone, according to Chainalysis. The recent attack raises further concerns about cross-chain bridge security. 
