Binance says at least $100 million stolen in blockchain attack
>
Criminals were able to take advantage of a flaw in Binance Bridge and try to get away with at least $100 million worth of cryptocurrencies, the company has admitted.
Binance Bridge is a cross-chain platform that allows cryptocurrency users to exchange tokens from one chain (e.g. Ethereum) to another (e.g. Binance Chain). The bridges are often flawed and as such are prime targets for cybercriminals. Some of the biggest crypto heists came as a result of an exploited bridge (think Ronin bridge, Wormhole, Harmony and others). Blockchain analytics firm Chainalysis recently said more than $2 billion was stolen in bridge hacks this year alone.
Create tokens from scratch
In this particular case, the attacker didn’t steal anyone’s tokens, but rather discovered a flaw that allowed them to create additional tokens out of thin air. In a Reddit post published late last night, Binance representatives explained that someone was taking advantage of a cross-chain bridge exploit, BSC Token Hub, “resulting in additional BNB”.
“We have asked all validators to temporarily suspend BSC. The matter is now under control. Your money is safe. We apologize for the inconvenience and will provide further updates accordingly,” the announcement reads.
Binance stepped in to pause the entire chain until the issue was resolved, while Tether blacklisted the account.
However, the jury is still out on exactly how much money was taken and where it ended up. While Binance’s Reddit post claims somewhere between $100 million and $110 million, a DeFi developer under the pseudonym “foobar” claims the figure is closer to 2 million BNB – or $600 million.
“Thanks to the community and our internal and external security partners, an estimated $7 million has already been frozen,” the Reddit post concludes. While Binance’s speed in tackling the issue is commendable, it raised the question of the chain’s decentralization among many cryptocurrency users.
Through: BleepingComputer (opens in new tab)