Quantcast

CZ Binance Confirms BSC Cross-Chain Bridge Exploit

An attacker stole 2 million BNB, nearly $600M from the Binance crosschain bridge, Binance Token Hub.

CZ Binance Confirms BSC Cross-Chain Bridge Exploit
Photo by Fabio Lucas / Unsplash

Binance smart chain, the blockchain of the world's largest cryptocurrency exchange was suspended on Oct. 6 due to an "irregular activity" on the network that resulted in the loss of 2 million BNB, nearly $600M, according to on-chain data provided by sources on the popular social media platform Twitter.

Exploiters wallet address. Courtesy of Hsakatrades / Twitter

Blockchain security firm, Slowmist, reported that the initial funding for the BNB bridge—Binance Token hub— exploit came through ChangeNOW, a non-custodial instant cryptocurrency exchange.

The exploiter stole a total of 2 million BNBs in two transactions, deposited nearly $260M in Venus protocol, a decentralized protocol for lending on BSC, before spreading the funds across multiple Dapps, to launder the funds on more censorship-resistant Blockchains.

With transactions on BSC temporally halted, the exploiter has over $400M stuck on the network. Binance CEO reported the current impact estimate to be around $100M; the exploiter succeeded in taken off the funds from BNB chain, through EVM compatible-chains and L2s before the halt.

Samczsun, a researcher at Paradigm made a 21-part thread on Twitter, aimed at unravelling how the exploiter was able to "convince" the BNB cross-chain bridge to make a transfer of 1M BNB to them. Twice.

He concluded that the fons et origo of the unprecedented exploit is most likely due to a critical bug in the BNB chain bridge, stating that the damage could have been worse.

Meanwhile, Tether has blacklisted the exploiter's $4.7M USDT address.

It is still unclear at this time how the exploit was undertaken, however,  the CEO of Binance Chanpeng Zhao says the issue is contained, and user funds are safe.

Disclaimer:

Opinions expressed at Vestorportal.com are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. Vestorportal.com does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is Vestorportal.com an investment advisor. Please note that Vestorportal.com participates in affiliate marketing.

Support us:

BTC-(BTC): bc1qrja84qhn7299lmad79ch7flnca0lyq0alp6pdv

ETH-(ERC20): 0xEC06cbAfF0261e6Da0122Ae579a641B3e2303523