This year has proved to be bad for cryptocurrencies – prices of popular cryptos have been plummeting to new lows while billions have been lost – about $2 billion – in hacks over the past ten months. Now, their fortunes just took another turn for the worse as Binance confirmed that its blockchain network was the latest victim of a cyber-attack.
The world’s largest cryptocurrency exchange informed that hackers had looted millions from BNB Chain, its Binance Smart Chain blockchain network that has 26 active validators at present and 44 in total in different time zones. While initial estimates of the loot were at least $100 million – Binance CEO Changpeng Zhao tweeted that the impact of the breach was estimated to be between $100 million and $110 million – a blog post by BNB Chain informed that the hackers had made off with a total of 2 million BNB. This puts the amount to a staggering $570 million (approximately).
“The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly,” Binance’s CEO, Changpeng Zhao, said in a tweet.
According to the blog post, there was an exploit that affected the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as “BSC Token Hub.” It was through this avenue that the hackers made off with the millions. With this, the hackers were able to forge transactions and send money back to their crypto wallet.
Following the hack, BNB Chain was paused for a while as all deposits and withdrawals on the chain were suspended, and Binance confirmed that it was working with network validators to halt the creation of new blocks on BSC as investigations were underway. It added that it had managed to freeze $7 million worth of funds.
Later on, at around 6:30 PM IST, BNB Chain resumed operations as Zhao announced that the issue was “contained” and assured consumers that their funds were safe. Going forward, BNB Chain will be introducing a new on-chain governance mechanism to thwart similar cyber-attacks in the future.
