BNB Chain is back up as of 07:00 Coordinated Universal Time (UTC) on Friday after being forced to halt operations on Thursday due to an exploit that might have targeted hundreds of millions of dollars in cryptocurrency, according to on-chain evidence.
BNB Chain consists of BNB Smart Chain and BNB Beacon Chain (BSC). BNB Chain stated: “Due to irregular activity, we’re temporarily pausing BSC,” noting that the activity was a possible confined exploit.
An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.
— CZ 🔶 Binance (@cz_binance) October 6, 2022
Initial token movements showed that an attacker targeted up to two million BSC tokens on Thursday night; however, the number of tokens lost may be far lower. BNB Chain estimates that between $100 and $110 million in assets were removed from the blockchain but tweeted that $7 million was previously frozen.
That such a modest amount of assets were stolen highlighted the benefit of BNB’s bet to stop the chain rather than risk further assets fleeing. Blockchains are ostensibly decentralised creatures meant to run independently of the whims of single entities: you are not supposed to be able to turn them off.
BSC acknowledged that it coordinated a chain shutdown after identifying problems with the BSC Token Hub protocol, the clearinghouse for crypto transactions travelling between the interlocking pieces of the Binance-connected blockchain. It commended validators for their swiftness.
“We are humbled by the speed and collaboration from the community to freeze funds,” stated one tweet.
According to CoinMarketCap, which Binance controls, the price of BSC’s native BNB coin plummeted to $280.40 from $293.10 after the threat of an assault.
On-chain data reveals that today afternoon, an attacker stole 1 million BSC tokens from the BSC token hub using cross-chain swaps, bridges, and borrows, as shown by two massive withdrawals of 1 million BSC tokens. Regardless, BNB’s Twitter account stated that all funds are secure and that it will assist in freezing any transactions.
Twitter sleuths report that Tether, the largest stablecoin provider, has banned the offending address, indicating that the company feels the token transfer was the product of an assault as opposed to something innocent.
It appears that 2 million BNB was hacked.
— Miles Deutscher (@milesdeutscher) October 6, 2022