Explained: How $600M was stolen from Binance’s BNB chain

Listen to this article.

On Thursday, Binance’s BSC Token Hub was hacked for two million BNB, its native cryptocurrency, worth approximately $586 million at the time of the incident. 

However, the attacker only managed to bridge a fraction of the loot to other chains before validators halted the network, blocking access to the $430 million remaining in the hacker’s BNB chain address. The chain has since been reactivated.

Data from the DeBank portfolio tracker shows the hacker had access to approximately $110 million in various cryptocurrencies across Ethereum, Avalanche, and Fantom networks, as well as L2s Arbitrum and Optimism. However, of this, an estimated $6.5 million in USDT has been frozen by Tether, the stablecoin’s issuer.

The attacked Token Hub is essentially a bridge allowing BNB to be sent to their smart contract blockchain, BNB Chain. The network, formerly known as Binance Smart Chain, is Binance’s DeFi ecosystem and the 3rd largest DeFi blockchain by Total Value Locked (TVL).

Blockchain security firm SlowMist tracked the hack.

In order to pull off the heist, the hacker sent falsified transactions which convinced the bridge’s code they had previously deposited two million BNB to the bridge, and that they were eligible to withdraw it again. The two withdrawals of one million BNB each were made just over two hours apart, minting the funds directly into the attacker’s address.

An official statement by the BNB chain team explained that “the exploit was through a sophisticated forging of the low level proof into one common library,” and that a detailed post-mortem report is to follow. However, anonymous blockchain security researcher samczsun shared a more detailed explanation of the hack on Twitter, pointing out that the attacker could have taken even more if they had wanted to.

Read more: Explained: Why hackers keep exploiting cross-blockchain bridges

This is the latest incident in a crypto crime-spree targeting blockchain bridges this year. So far, victims have included Nomad ($190 million) in August, Harmony ($100 million) in June, Ronin (over $600 million) in March, and Wormhole (more than $300 million) in February.

Blockchain bridges are complicated elements of infrastructure, but crucial if funds are to be sent between chains. By design, each blockchain is a closed system, so sending funds from one to another relies either on trusting funds to a centralized operator, such as a crypto exchange, or relying on experimental code.

For a deeper look into why bridges are a favorite for hackers, see our explainer.

For more informed news, follow us on Twitter and Google News or listen to our investigative podcast Innovated: Blockchain City.