Hacker Exploits Bug to Steal Millions From Binance Bridge

Crypto Exchange Pauses BSC Smart Contract, Looks to Upgrade Node

The world's largest cryptocurrency exchange suspended trading on a smart contract blockchain after a hacker stole at least $100 million in cryptocurrency. Independent observers say the attack on the Binance Smart Chain actually netted the hacker $586 million.

Changpeng "CZ" Zhao, chief executive of Binance, says the company asked all validators to suspend BSC and is resolving the issue. "Your funds are safe. We apologize for the inconvenience," Zhao tweeted. He linked to a Reddit post asserting that "the issue is contained now." BSC uses a consensus mechanism requiring multiple validators to approve transactions. The BSC blockchain runs in parallel with the Binance Chain.

The attacker found a vulnerability on the BSC Token Hub, a cross-chain bridge, by exploiting the smart contract blockchain's internal verification logic, which allowed for a "huge reward claim," cybersecurity firm PeckShield tells Information Security Media Group. PeckShield also estimates the total loss to be $586 million, saying that $89.5 million of the stolen funds have already been moved off the Binance Smart Chain.

The incident is the latest in a series of attacks on cross-chain bridges. Blockchain security company Chainalysis pegs the amount of cryptocurrency stolen from bridges this year at $2 billion. Attacks on bridges accounted for 69% of total funds stolen in 2022 through July, it says.

Cross-chain bridges allow the transfer of crypto assets and information across independent blockchains.

The attack appears to have begun around 10:00 p.m. UTC. At 11:51 p.m. UTC, Zhao said the stolen amount was $100 million. At around 1:00 a.m. UTC, the attacker's wallet showed about 2 million BSC tokens, an amount worth about $586 million, PeckShield says.

Popular crypto investigator @samczsun, who is a researcher at web3 investment firm Paradigm, explained the technical details of the attack process in a series of tweets:

In a bid to address the vulnerability, Binance appears to be working to fix the code with a node upgrade. "We request BSC Validators to get in touch with us within the next few hours so that we can plan a node upgrade," Binance's decentralized network BNB Chain tweeted.

It is unclear when the patch will be issued. "No ETA yet. Let's give the devs time to fully understand the root cause, implement the fixes, test them thoroughly, and then resume. Let's not rush it now," he added.


About the Author

Rashmi Ramesh

Assistant Editor, Global News Desk, ISMG

Ramesh has seven years of experience writing and editing stories on finance, enterprise and consumer technology, and diversity and inclusion. She has previously worked at formerly News Corp-owned TechCircle, business daily The Economic Times and The New Indian Express.



