The company admitted that criminals managed to exploit a loophole in the Binance Bridge and tried to get away with at least $100 million in cryptocurrency.
Binance Bridge is a multi-chain platform that allows cryptocurrency users to exchange tokens from one chain (for example, Ethereum) to another (for example, Binance Chain). Bridges are often riddled with flaws and thus are a prime target for cybercriminals. Some of the biggest cryptocurrency thefts came as a result of a bridge being exploited (think Ronin Bridge, Wormhole, Harmony, and others). In fact, blockchain analysis firm Chainalysis recently said that more than $2 billion has been stolen in bridge hacks this year alone.
Create tokens out of thin air
In this particular case, the attacker did not steal anyone’s tokens, but rather discovered a flaw that allowed him to create additional tokens out of thin air. In a Reddit post published late last night, Binance representatives explained that someone abused a vulnerability on a cross-chain bridge, the BSC Token Hub, “which led to BNB’s surge.”
“We have asked all auditors to temporarily suspend BSC. The case is now contained. Your money is safe. We apologize for the inconvenience and will provide further updates accordingly,” the announcement read.
Binance has moved to pause the entire chain until the issue is resolved, while Tether has blacklisted the account.
However, the jury is still out on how much money was taken, and where it ended up. While Binance’s Reddit post puts the figure between $100 million and $110 million, a DeFi developer under the pseudonym “foobar” claims it is closer to 2 million BNB, or $600 million.
The Reddit post concludes, “Thanks to the community and our internal and external security partners, an estimated $7 million has already been frozen.” While Binance’s speed in addressing the issue is commendable, it has raised the issue of blockchain decentralization among many crypto users.
Via: BleepingComputer