BNB Chain suspends network following $100M cross-chain bridge exploit

Rumors of a significant exploit on the BNB Chain were confirmed by the blockchain’s team, with all deposits and withdrawals suspended on the network.

BNB Chain (BNB), the blockchain of crypto exchange Binance, was paused on Oct. 6 due to an exploit on its cross-chain bridge with attackers making off with an estimated $100 million worth of cryptocurrency.

The official Twitter account of the BNB Chain first announced the temporary pause due to “irregular activity” on the blockchain, but soon after added that it was due to a possible exploit. Binance provided an update that the blockchain was “under maintenance” suspending all deposits and withdrawals.

Rumors had earlier swirled on Twitter that the network had undergone a significant hack, with on-chain analytics showing alleged attackers exploiting roughly two million BNB, the chain’s native coin, a value of nearly $600 million.

A later update by a BNB Chain developer on Reddit confirmed the exploit had taken place, stating that the initial estimates for the value of the exploit are between $100 million and $110 million, with roughly $7 million frozen.

BNB Chain said the exploit, which was perpetrated on the BSC Token Hub, resulted in the creation of “extra BNB,” but reassured the public that its systems are contained, and user funds are safe whilst it continues to investigate the vulnerability.

Initial on-chain analysis by Twitter users before the official announcements showed the attacker claimed a one million BNB reward through the token hub, before depositing the balance into decentralized finance (DeFi) lending platform Venus Protocol.

They then borrowed $150 million worth of stablecoins spread across USD Coin (USDC), Tether (USDT), and Binance USD (BUSD) using cross-chain bridges to swap the tokens for Ether (ETH), Phantom Protocol (PHM) tokens and Polygon (MATIC) before the BNB Chain was paused.

The attacker again exploited another one million BNB which they placed into Stargate Protocol, another cross-chain bridge provider.

Related: $2B in crypto stolen from cross-chain bridges this year: Chainalysis

Zane Huffman, strategy lead for DeFi platform Vesper Finance concluded the attacker has made off with roughly $100 million from an initial exploit of nearly $600 million, the figure later provided by Zhao.

Huffman added the attacker has roughly over $400 million worth of digital assets frozen on the BNB Chain, with more possibly stuck in cross-chain bridges on the BNB blockchain side.

Stablecoin provider Tether has also blacklisted the address associated with the exploit.

Updated with further information from BNB Chain, Zhao and initial analysis from various sources.

Leave a Reply

Your email address will not be published. Required fields are marked *