Binance confirms BNB cross-chain bridge hack

Quick Take

  • The Binance Smart Chain has halted as an unknown actor apparently transferred millions of BNB, utilized across web3 lending protocols.
  • Binance said it paused the chain due to “irregular activity.”

UPDATE (1:30 a.m. ET): Binance announced an update saying that BSC validators are coordinating to bring back the chain “in an hour” with the latest release. That would in theory stop hacker accounts from acting and disable native cross-chain communication between BNB Beacon Chain and BSC.

All node operators should try to upgrade to the latest release listed here, Binance added.

UPDATE (8:10 p.m. ET): Binance CEO Changpeng Zhao has confirmed the occurrence of a cross-chain bridge exploit and shared details about the incident.

"An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC," Zhao wrote on Twitter. "The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly."

Zhao went on to explain that "[t]he current impact estimate is around $100m USD equvilent [sic], about a quarter of the last BNB burn."

Original report:

Binance said it would halt deposits and withdrawals via the BNB Smart Chain amid growing concerns over a hack of the network's official cross-chain bridge.

Word emerged earlier Thursday evening that more than $400 million worth of BNB tokens were transferred from the Smart Chain token hub to a new address. According to data from DeBank, the address in question holds more than $500 million worth of crypto, with holdings in ETH, MATIC and FTM, among others.

Amid the speculation about the exact nature of the transaction, the BNB Smart Chain was stopped. In a tweet, Binance said that the network is "is currently under maintenance."

"We will suspend all deposits and withdrawals via BNB chain temporarily until there are further updates," the exchange said. 

The official Twitter account for the BNB Smart Chain cited "irregular activity" as the reason behind the stoppage. 

"To confirm, we have suspended BSC after having determined a potential exploit.  All systems are now contained, and we are immediately investigating the potential vulnerability. We know the Community will assist and help freeze any transfers," the account said.

Additionally, the USDT holdings in the account were blacklisted as word of the potential attack spread.

The price of BNB was down as the market reacted to news of the apparent activity, trading around $282.30.

A representative for Binance was not immediately available to comment when reached.

Editor's Note: Headline and body updated with confirmation of a cross-chain bridge exploit by Binance.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.