Binance’s BNB token worth $570 million was stolen in another major crypto hack
Cryptocurrency exchange Binance temporarily suspended its blockchain network after hackers made off with around $570 million worth of the BNB token.
Binance said late Thursday that a cross-chain bridge connected to the BNB chain was targeted, allowing hackers to move GDP tokens from the network. So-called cross-chain bridges are tools that allow the transfer of tokens from one blockchain to another.
The company said it had worked with network validators – entities or individuals that verify transactions on the blockchain – to stop the creation of new blocks on the BSC, suspending all transaction processing while a team of developers investigates the breach.
Binance is the world’s largest crypto exchange by trading volume.
“An exploit on a cross-chain bridge, BSC Token Hub, resulted in additional BNB. We have asked all validators to temporarily suspend BSC,” Changpeng Zhao, Binance’s CEO, said in a tweet Thursday evening.
“The issue is now resolved. Your money is safe. We apologize for the inconvenience and will provide further updates accordingly.”
BNB Chain has since resumed operations.
In total, hackers drained 2 million BNB tokens — about $570 million at current prices — from the network, Binance’s BNB chain said in a blog post on Friday.
The hack was caused by a flaw in the bridge’s smart contract that allowed hackers to spoof transactions and send money back to the crypto wallet, according to crypto security firm Immunefi. Smart contracts are bits of code on the blockchain that allow agreements to be executed automatically without human intervention.
“As with many bridge designs, there is one central point that holds most of the funds moving through the bridge,” Adrian Hetman, technical lead for the triaging team at Immunefi, told CNBC.
“Ultimately, the bridge was tricked into providing funds from that contract.”
The value of BNB fell more than 3% on Friday morning to $285.36 per coin, according to CoinMarketCap data.
An earlier estimate by the company placed the total amount withdrawn in a range of $100 million to $110 million. The company also said it was able to freeze $7 million in funds with the help of its security partners.
A spokesperson for Binance told CNBC that the company was coordinating with BNB Chain validators to adopt an upgrade. That meant most of the funds remained in the exploiter’s crypto wallet, while around $100 million was “unclaimed”.
BNB Chain has 26 active validators currently and 44 in total in different time zones, the spokesperson added.
BNB Chain, originally known as Binance Chain, was first developed by Binance in 2019. Like other blockchains, it has a native token, called BNB, which can be traded or used in games and other applications.
It’s the latest in a series of major hacks targeting cross-chain bridges, with instances of sloppy construction making them a prime target for cybercriminals.
A total of around $1.4 billion has been lost due to cross-chain bridge breaches since the start of 2022, according to data from blockchain analytics firm Chainalysis.
The crypto industry has had a rough year, with roughly $2 trillion in value wiped since the peak of a powerful rally from 2020 to 2021. The implosion of the $60 billion blockchain venture Terra and a deteriorating macroeconomic environment have severely affected market sentiment.