Another day, another crypto hack – but this is a big one.
A hacker stole nearly $600 million worth of cryptocurrency BNB, which is issued and maintained by popular crypto exchange Binance. The hack happened lated on Thursday and was investigated and reported on by security experts @samczsun and Igor Igamberdiev, among others.
According to samczsun, the hacker did so by tricking BSC Token Hub, a cryptocurrency bridge, to send them a little over 2 million BNB, worth roughly $586 million at the time.
Here’s a really quick primer on what’s what: BSC, or Binance Smart Chain, is a cryptocurrency platform for running decentralized apps, similar to Ethereum. BNB, or Binance Coin, is the cryptocurrency issued by Binance; think of it as Ethereum’s ether. And a bridge is a project that lets you move funds from one crypto platform (chain) to another.
According to samczsun’s analysis, the attacker leveraged a bug in the BSC Token Hub to forge arbitrary, allowing them to mint (create) BNB coins out of thin air.
Binance CEO Changpeng « CZ » Zhao confirmed the hack shortly thereafter. « An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly, » he tweeted.
While samcszun claims the stolen amount is much larger (and this is corroborated by actual transactions on chain), CZ claims that the « current impact estimate » is around $100 million. In an official post on Reddit, Binance said that the « initial estimate for funds taken off BSC are between $100 – $110 million, » and an estimated $7 million has already been frozen (meaning the hacker cannot move the coins). The discrepancy in numbers is likely due to Binance referring to the funds the hacker managed to move to other chains or make inaccessible in other ways.
This is not the first major hack impacting Binance. In 2019, Binance was hacked for roughly $40 million, with the hacker stealing roughly 7,000 bitcoinsfrom the exchange. The funds were never recovered, but the company covered customer losses.
The price of BNB dropped roughly 3.5 percent following the hack and is currently sitting at around $285 according to Coingecko.
Developing…