BNB Chain Suffers Exploit, $570 Million In Assets Lost

Binance's BNB Chain ceased operations today after the discovery of an exploit on its network. The exploit was detected based on a spike in irregular activity, according to Binance.

In a post-attack update, BNB Chain's developers said that over 2 million BNB tokens were stolen, an amount that's worth roughly $570 million (USD) based on $BNB's current price range of $285. BNB Chain initially announced the matter at 9:19 pm EDT on October 6th, 2022. The network has since paused its operations by 9:35 that same evening.

"All systems are now contained, and we are immediately investigating the potential vulnerability,” the team behind BNB said during the announcement of its network's breakdown. “We know the Community will assist and help freeze any transfers," they added.

SlowMist, a blockchain security and research firm, explained that the digital assets also included Ethereum, Polygon, Avalanche, Fantom, Arbitrum, and Optimism assets, aside from Binance's own BNB token. Reports indicate that the attack was launched across several liquidity pools and cross-chain bridges. The bridges were used either to mask or transfer the stolen assets, leading to an erratic blockchain trail of stolen funds.

Mitigation for the exploit was immediately done, and Binance's BNB Chain developers say that the exploit only affected the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20/BSC), which is alternatively named as BSC Token Hub, serving an array of other tokens coursing through its main bridge.

The attack vector and methodology was executed through a sophisticated set of low level proofs fabricated into a common library. A similarity between this most recent hack can be gleaned with what happened to the Ronin Network and the Harmony Cross-Chain Horizon Bridge exploits. The former represents a private key exploit, while the latter proceeded from unreliable cryptographic verification methods.

Sam Sun, a blockchain analyst at Paradigm, the threat actor duped Binance Bridge to send out 1 million BNB tokens with the use of the low level proofs. This process was repeated for another 1 million BNB. In response, BNB Chain froze some $7 million in assets, but later acknowledged that over $70 million in total assets was already stolen before any response or threat mitigation was implemented.

"The current impact estimate is around $100m USD equvilent, about a quarter of the last BNB burn." said Changpeng Zhao, CEO of Binance in an update via Twitter. Zhao also linked a technical analysis of the matter on Reddit.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.