Transactions on the Binance blockchain, also known as BNB Chain and Binance Smart Chain, were halted today after a potential exploit in the network was detected through a spike in “irregular activity.”
The initial announcement was posted to Twitter by BNB Chain at 9:19 pm EDT, saying there would be a temporary pause on the BSC network. By 9:35 pm EDT, however, the network pause turned into a halt.
“All systems are now contained, and we are immediately investigating the potential vulnerability,” the group tweeted. “We know the Community will assist and help freeze any transfers.”
According to blockchain security firm SlowMist, the exploit allowed cybercriminals to get away with over $570 million in digital assets, including Ethereum, Polygon, BNB Chain, Avalanche, Fantom, Arbitrum, and Optimism.
“The attacker is spewing funds across liquidity pools and utilizing every bridge they can to get to safer chains,” blockchain developer @0xfoobar tweeted, adding that there was “complete chaos on the chain.”
The developer subsequently posted a screenshot of a dashboard displaying the distribution of the funds, with the question, “Is this diversification?”
BNB Chain assured the community that “all funds are safe.” The BNB tokens were not pre-existing tokens stolen from wallets, but instead wholly created by the attacker.
According to Sam Sun, a researcher at Paradigm, the hacker somehow convinced the Binance Bridge to send out 1 million BNB tokens. When it worked, the hacker used the same exploit to have another 1 million BNB tokens sent to an address they controlled.
By 4:20 pm PST, BNB Chain said that $7 million in assets had been frozen before it could be transferred but acknowledged that between $70 million and $80 million were stolen from the Binance Smart Chain.
Initial estimates for funds taken off BSC are between $70M – $80M.
However, thanks to the community and our internal and external security partners, an estimated $7M has already been frozen
1/2
— BNB Chain (@BNBCHAIN) October 6, 2022
The group acknowledged the efforts of the Binance community and security personnel and separately thanked a number of node providers “for their quick and decisive actions.”
Binance CEO Changpeng Zhao then posted an update pointed to a thread on Reddit where the company provided more technical details, and saying that “the current impact estimate is around $100m USD equivalent.”
The ultimate total value involved in the hack has yet to be determined, and currently varies based on how to account for the value of frozen versus transferred tokens.
Stay on top of crypto news, get daily updates in your inbox.
Source: https://decrypt.co/111433/binance-smart-chain-halted-over-potential-exploit-report