Transactions on the BNB chain and Binance Smart Chain were halted after a “potential exploit” that drained an estimated $100 million in cryptocurrency was detected.
On Thursday, transactions on the Binance blockchain—BNB Chain and Binance Smart Chain (BSC)—were halted after a potential network exploit was detected. A spike in “irregular activity” prompted the BNB Chain team to suspend transactions, but an estimated $100 million were taken off-chain.
According to one blockchain developer, the BNB Chain hack could have been “either the first or second biggest hack of all time.”
Timeline of BNB Chain Exploit
The BNB Chain’s official Twitter account posted the initial announcement on Thursday, October 6, at around 9:19 PM EDT. According to the tweet, it was temporarily pausing BSC “due to irregular activity.”
However, several minutes later, at around 9:35 PM EDT, another tweet confirmed that the network pause had turned into a suspension of BSC activities after the BNB Chain team detected a “potential exploit.”
“All systems are now contained, and we are immediately investigating the potential vulnerability,” the group tweeted. “We know the Community will assist and help freeze any transfers.”
According to Sam Sun, a researcher at Paradigm, whoever hacked the BNB Chain was able to convince the Binance Bridge to release one million BNB tokens. When it worked, the hacker used the same manipulation to send another one million BNB tokens to an address they controlled.
On-chain data later revealed that the hacker made the two massive withdrawals from the BSC Token Hub through cross-chain swaps, bridges, and borrows. The BSC Token Hub is the clearinghouse for cryptocurrency transactions that move between the Binance-linked blockchain’s interlocking parts.
However, while initial token movements suggested the hacker targeted two million BSC tokens, the legitimate losses may be much lower. BNB Chain estimated $100 to $110 million in assets were taken off-chain, but by 10:20 PM EDT, the group said in a tweet that $7 million in assets had been frozen before these could be transferred. The group later acknowledged that $70 to $80 million were stolen from the BSC.
The stolen $100 to $110 million is comparatively a small sum of assets, underscoring the wisdom in the BNB Chain’s decision to suspend that chain instead of risking the loss of more assets. The group coordinated a shutdown of the chain as soon as it spotted issues with the BSC Token Hub protocol.
The BNB Chain thanked validators for their quick movements and assured the community that “all funds are safe.” That’s because stolen BNB tokens were not pre-existing tokens taken from wallets but were wholly created by the hacker.
“We are humbled by the speed and collaboration from the community to freeze funds,” one tweet from the BNB Chain group read.
The BNB Chain group likewise acknowledged the combined efforts of the Binance community and security personnel for their “quick and attentive response” and separately thanked several node providers for their “for their quick and decisive actions.”
Changpeng Zhao, CEO of Binance, later posted an update on Reddit where he provided more technical details regarding the exploit. He said, “the current impact estimate is around $100 million USD equivalent.”
“An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB,” Zhao explained.
Meanwhile, as of 7:00 AM UTC, the BNB Chain has resumed operations after working on and fixing the exploit.
Get more news updates
Get more NFT news updates at Omnimint News. For more information on Omnimint, and details on how to join our community, please follow our Twitter, or subscribe to our Telegram channel for more updates, and please feel free to submit your article.