$570 million worth of Binance’s BNB token stolen in another major crypto hack
Cryptocurrency exchange Binance temporarily suspended its blockchain network after hackers made off with around $570 million worth of its BNB token.
Binance said late Thursday a cross-chain bridge linking with its BNB Chain was targeted, enabling hackers to move BNB tokens off the network. So-called cross-chain bridges are tools that allow the transfer of tokens from one blockchain to another.
The company said it had worked with network validators — entities or individuals who confirm transactions on the blockchain — to pause creation of new blocks on BSC, suspending all transaction processing while a team of developers investigates the breach.
Binance is the world’s largest crypto exchange by trading volume.
“An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC,” Changpeng Zhao, Binance’s CEO, said in a tweet Thursday evening.
“The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.”
BNB Chain has since resumed operations.
In total, hackers drained 2 million BNB tokens — about $570 million at current prices — from the network, Binance’s BNB Chain said in a blog post on Friday.
The hack was caused by a bug in the bridge’s smart contract that allowed hackers to forge transactions and send money back to their crypto wallet, according to crypto security firm Immunefi. Smart contracts are pieces of code on the blockchain that allow agreements to execute automatically without human intervention.
“As with many bridge designs, there is one central point that holds most of the funds that are moving through the bridge,” Adrian Hetman, tech lead of the triaging team at Immunefi, told CNBC.
“Ultimately, the Bridge was tricked into giving funds from that contract.”
The value of BNB sank more than 3% Friday morning to $285.36 a coin, according to CoinMarketCap data.
An earlier estimate from the company placed the total amount withdrawn in a range of $100 million to $110 million. The company also said it managed to freeze $7 million of funds with the help of its security partners.
A Binance spokesperson told CNBC the company coordinated with BNB Chain validators to enact an upgrade. That meant that most of the funds remained in the exploiter’s crypto wallet, while about $100 million was “unrecovered.”
BNB Chain has 26 active validators at present and 44 in total in different time zones, the spokesperson added.
BNB Chain, originally known as Binance Chain, was first developed by Binance in 2019. Like other blockchains, it features a native token, called BNB, that can be traded or used in games and other applications.
It is the latest in a series of major hacks targeting cross-chain bridges, with instances of sloppy engineering making them a prime target for cybercriminals.
A total of around $1.4 billion has been lost to breaches on cross-chain bridges since the start of 2022, according to data from blockchain analytics firm Chainalysis.
The crypto industry has had a rough year, with roughly $2 trillion in value being erased since the peak of a blistering rally from 2020 to 2021. The implosion of $60 billion blockchain venture Terra and a worsening macroeconomic environment have severely impacted market sentiment.