Fraudsters get away with $100 million from the world’s largest crypto exchange
PARIS – Fraudsters stole roughly $100 million worth of cryptocurrency from Binance, the world’s largest crypto-asset exchange, the firm said Friday.
The total amount stolen was $580 million, but company chief Changpeng Zhao said about 80 percent had been frozen immediately and the damage was limited to less than $100 million.
He tweeted that “an exploit” in the system led to extra production of the exchange’s dedicated currency, BNB, but insisted the problem was “contained”, telling his seven million followers: “Your funds are safe”.
It is among the biggest thefts in cryptocurrency history and comes during a year in which fraudsters preying on the sector have made off with billions of dollars.
In the most damaging incident, blockchain game Axie Infinity was hacked for more than $500 million in late March.
Both scams exploited weaknesses in “cross-chain bridges” – the means that investors use to move assets from one blockchain to another.
Blockchains are digital ledgers that store details of transactions. Many cryptocurrencies rely on blockchain technology, including bitcoin.
A visual representation of Bitcoin, at the ‘Bitcoin Change’ store in Tel Aviv, February 6, 2018. (Jack Guez/AFP)
Binance, which boasted of handling $32 trillion worth of transactions last year, said in a statement that “a total of 2 million BNB were withdrawn,” valuing the heist at around $580 million.
Zhao later clarified in an interview with MSNBC that most of these coins were frozen.
A Binance spokesperson told AFP that quick response and coordination meant “the majority of funds remained at the exploiter’s address, while partners helped secure funds on other chains as well.”
“Complete Chaos”
Prominent crypto figures had taken to social media late Thursday and talked about a $600 million theft hours before the firm issued its first statement.
“Someone at BNB just got hacked for [roughly] 2 million BNB,” wrote a developer using the name foobar on Twitter.
“The attacker is spewing funds across liquidity pools and using every bridge they can to get to safer chains. Complete chaos on the chain.”
Experts have warned of security breaches on cross-chain bridges all year.
Chainalysis, a crypto analysis firm, said in August that bridging exploits had accounted for about $2 billion in thefts so far this year.
Elliptic, another research firm, said on Twitter that it helped track down the Binance funds.
In a report this week, Elliptic said bridges “tend to accumulate large amounts of locked assets on a variety of blockchains, many of which may not have advanced security or auditing cultures due to their relative obscurity.”
“This has made bridges an attractive target for cybercriminals in the past,” it added.
An illustrative image of a person typing on a keyboard as part of a cyber breach. (Techa Tungateja; iStock by Getty Images)
Governments are concerned that cryptocurrencies are being used to finance terrorism, circumvent sanctions and prop up repressive regimes.
Experts believe groups linked to North Korea have been behind some of the most high-profile robberies, including the Axie Infinity breach.
