Binance says at least $100 million stolen in blockchain attack


Criminals were able to exploit a flaw in Binance Bridge and tried to get away with at least $100 million in cryptocurrencies, the company has admitted.

Binance Bridge is a cross-chain platform that allows cryptocurrency users to exchange tokens from one chain (for example, Ethereum) to another (for example, Binance Chain). Bridges are often riddled with flaws, and as such are a major target for cybercriminals. Some of the biggest crypto heists came as a result of an exploited bridge (think Ronin bridge, Wormhole, Harmony, and others). In fact, blockchain analysis firm Chainalysis recently said that more than $2 billion was stolen in bridge hacks this year alone.

Creating tokens out of thin air

In this particular instance, the attacker did not steal anyone’s tokens but rather discovered a flaw that allowed them to create additional tokens out of thin air. In a Reddit post published late last night, Binance representatives explained that someone abused an exploit on a cross-chain bridge, BSC Token Hub, “which resulted in extra BNB”.

“We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly,” the announcement reads. 

Binance moved to pause the entire chain until the issue was resolved, while Tether blacklisted the account.

However, the jury is still out on exactly how much money was taken, and where it ended up. While Binance’s Reddit post claims anywhere between $100M and $110M, a DeFi developer going under the pseudonym “foobar” claims the figure is closer to 2 million BNB, or $600 million.

“Thanks to the community and our internal and external security partners, an estimated $7M has already been frozen,” the Reddit post concludes. While Binance’s speed at tackling the issue is commendable, it has led many cryptocurrency users to question the chain’s decentralization.

Via: BleepingComputer

Sead Fadilpašić
