Crypto platform Binance has now fallen prey to a cross-chain bridge exploit. The exchange lost millions of dollars and had to halt operations on 6 October.
The final value that the hacker got away with has yet to be determined. Analysts are still trying to figure out how to assess the value of frozen versus transferred tokens. Initial on-chain analytics reportedly showed that there was an exploit resulting in the loss of roughly 2 million BNB, valued around $600 million. But a BNB Chain developer on Reddit later suggested that the estimated exploits could amount to anywhere between $100 million and $110 million, with roughly $7 million frozen.
Meanwhile, Binance CEO Changpeng Zhao too addressed the incident and assured users that their funds were safe in a Twitter thread. He further apologized “for the inconvenience and will provide further updates accordingly.”
However, after the incident BNB’s price has taken a hit, causing some concern among investors.
The crypto space has seen multiple attacks of this kind in 2022. One of the more famous cross-chain token bridge attacks involved cross-chain messaging protocol, Nomad, which lost nearly $200 million in August this year.
How the news broke
After operations were halted, initially, BNB Chain took to its official Twitter account to deny rumors about an exploit. They claimed, instead, that the pause was simply due to some “irregular activity” on the blockchain. Subsequently, though, they went on to confirm that the delay was in fact due to an exploit.
Following this, the team put out an update saying that the blockchain was “under maintenance” and suspended all deposits and withdrawals.
More about the exploit
A researcher at Web 3.0 firm Paradigm, Sam Sun claimed on Twitter that the Binance bridge had been “somehow convinced” by the hacker to send out a million BNB tokens. The hacker then got another million sent to an address that was being controlled by them.
Since then, the attacker has been spreading out the funds across liquidity pools and utilizing every bridge to get to safer chains, according to a well-known blockchain developer cited in Decrypt.
According to data from multi-chain portfolio tracker, DeBank, the hacker address holds more than $500 million worth of crypto. The holdings consist of ETH, MATIC and FTM.
Following the news of the hack, stablecoin provider Tether has also blacklisted the address associated with the exploit.