BNB Chain resumes service after hacker siphons at least $100 million

Quick Take

  • BNB Chain has restarted the blockchain after being halted for several hours.
  • Hackers attempted to drain $560 million in BNB tokens overnight from the blockchain’s bridge, with more than $100 million successfully siphoned to other chains. 

BNB Chain restarted the blockchain on Friday after an overnight hack that stole more than $100 million and forced the network to shut down for several hours. 

Hackers attempted to drain $560 million in BNB tokens overnight from the BSC Token Hub, the network's cross-chain bridge, with anywhere between $100 million and $130 million siphoned to other chains, per data estimates from The Block.

Following the exploit, Changpeng Zhao, the CEO of BNB Chain founder Binance, tweeted that the chain would be down for maintenance as it investigates the attack and it would provide updates via Twitter. At 2:53 a.m. ET today, the team announced that the network had restarted. It is now running normally with the blockchain's validators having resumed operations. 

Around 6 p.m. ET on Thursday, an unknown hacker seized 2 million BNB tokens (worth about $560 million) from the network's bridge. According to security analysts and on-chain data, the exploit occurred due to a bug in the bridge that allowed the attacker to forge security proofs.

The BSC Token Hub is a bridging platform that enables assets to move across various blockchain protocols. When a user sends assets from one chain to another, the bridge locks the assets and mints a wrapped version of the funds on the destination chain. 

'There was a bug'

“There was a bug in the way that the Binance Bridge verified proofs which could have allowed attackers to forge arbitrary messages,” pseudonymous security analyst samczsun explained in a tweet.

After the incident, the team responded by by turning off its validators — to completely stop the network — while it investigated. The halt was also an effort to stop the attacker in their tracks and salvage the exploited funds that remained on the network and which the attacker had not yet moved out to other chains. 

Data from security firm Slow Mist showed that, of the exploited amount, $127 million was sent from the bridge to other chains including Ethereum, Polygon, Arbitrum, Avalanche and Fantom. The majority (nearly $429 million) remained on BNB Chain itself. While it’s unclear if the team has frozen those funds, it’s the more likely outcome.

“Since the BNB chain has suspended services, the hacker is currently unable to move the $429 Million on the BNB network,” SlowMist wrote.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.