- Due to a flaw in its cross-chain bridge, the BSC Token Hub, and Binance Smart Chain transactions were halted.
- The hacker allegedly tricked the Binance Bridge into moving 1 million BNB tokens, according to Sam Sun, head of security at Paradigm.
- For instance, only this year, cross-chain bridge hacking led to the theft of nearly $2 billion worth of cryptocurrency.
Early on Thursday, the Binance Smart Chain’s transactions were stopped due to a vulnerability on its cross-chain bridge, the BSC Token Hub. Initial estimates suggest that hackers managed to escape with between $100 and $110 million in stolen money. The CEO and co-founder of the Binance Network, Changpeng Zhao (CZ), announced the exploit on Twitter and assured users that their money was secure.
An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.— CZ 🔶 Binance (@cz_binance) October 6, 2022
Sam Sun, head of security at Paradigm, claims that the hacker successfully tricked the Binance Bridge into transferring 1 million BNB tokens. After the vulnerability was successful, the hacker sent 1 million additional BNB tokens using the same technique, but this time to a controlled address.
One of the most significant cryptocurrency exploits in history would have involved 2 million BNB tokens, which would be valued at more than $540 million. The amount was confirmed by the blockchain security company SlowMist in a tweet, which also said that ETH, MATIC, BNB, AVA, and other tokens were among the looted assets.
A recent hack on $BNB resulted in losses of about $500,000,000. The hacker is currently attempting to transfer the money across all networks to launder it
read the tweet.
Fortunately, the actual scope of the hack is thought to be far smaller as a result of the community’s containment and mitigation efforts. Additionally, network validators were requested to temporarily halt BSC transactions to frustrate the hacker’s attempts to move money off-chain.
The hacker was only able to move between $100M and $110M off-chain, of which “an estimated $7M has already been frozen,” according to the official blog post. The fact that the tokens that were taken did not belong to BSC users, but rather were fully made by the attacker, maybe the biggest source of relief.