Cyber-criminals recently made off with an estimated two million Binance coins (BNB) from a popular cross-chain bridging service, potentially netting themselves over $570 million. The heist was uncovered by Twitter user @samczsun, a researcher at crypto investment firm Paradigm, who detailed the exploit in a thread on the social media platform.
According to @samczsun, the hacker was able to exploit a vulnerability in the way the bridging service validates “proofs,” allowing them to request one million BNB from Binance Bridge on two separate occasions. The bug affected the BSC Token Hub, which acts as a bridge between BNB Beacon Chain (BEP2) and BNB Chain (BEP20 or BSC), as explained by Binance CEO Changpeng Zhao.
In response to the breach, Binance temporarily suspended BSC to contain the issue and assure users that their funds were safe. Despite the potential value of the stolen funds, the threat actor was only able to move a fraction of the amount off the BNB Smart Chain, thanks to the quick actions of the crypto community.
Initial estimates suggest that between $100 million and $110 million was taken off BSC, but approximately $7 million has already been frozen with the help of the community and various security partners. Binance expressed gratitude for the swift and collaborative efforts of stakeholders in securing these funds.
The incident serves as a reminder of the importance of robust cybersecurity measures in the crypto space, as well as the value of community cooperation in mitigating the impact of such attacks. By working together, the industry can continue to safeguard digital assets and maintain trust in the evolving world of blockchain technology.