Binance Hack Takes the Crypto Exchange for Around $100 Million

By Spencer Hulse Spencer Hulse has been verified by Muck Rack's editorial team
Published on October 12, 2022

Cryptocurrency took the world by storm, and while things have slowed down, it is still a massive market. It is also a massive target, with hackers and scams running rampant, including a recent hack of the world’s largest cryptocurrency exchange, Binance. The hack was confirmed last Thursday, and according to the exchange, the hackers managed to get away with around $100 million. Even then, the amount could have been much higher.

The hack exploited a vulnerability affecting the BSC Token Hub cross-chain bridge, something meant to facilitate the transfer of assets between independent blockchains. Upon noticing the vulnerability, the Binance blockchain suspended transactions and fund transfers with the help of network validators to prevent additional damage.

However, the vulnerability already allowed the hacker to forge messages, in turn allowing them to mint new BNB tokens. The one positive is that the newly minted tokens did not exist previously, meaning there were no users affected by the hack.

Still, the hack led to the withdrawal of a total of two million BNB, which comes out to around $570 million in fiat currency. Fortunately, the suspension of the Binance blockchain prevented all of the BNB from being transferred. Around $430 million in stolen tokens were held, with the hackers only managing to snag around $110 million, according to blockchain security company SlowMist.

Changpeng Zhao, chief executive of Binance, tweeted a similar conclusion. He said that the company estimated an impact of somewhere between $100 million and $110 million due to the breach. He went on to reassure people that the issue was contained and their funds were safe, promising further updates as they come.

Steps are also being taken to add a new on-chain governance mechanism on the chain to fight against potential attacks in the future. Though, for now, the chain is back up and running, refusing to allow the intrusion to hamper things for long.

But the speed at which it was resolved is not surprising. Cyberattacks are becoming all too common, so it comes as no surprise that things were handled with ease. One thing worth noting is how the vulnerability was exploited, though.

According to Adrian Hetman, who spoke to TechCrunch about the hack, the “Binance Bridge processes the proofs of transactions sending the money from one chain to another.” That is where the bug hid, with the hacker managing to forge a message that tricked the logic involved into thinking it was a valid message. Because of that, the BSC Token Hub went on to deliver the payout as if everything was normal.

Perhaps the attack was inevitable, considering Binance is a major target. The exchange handles 1.4 million transactions per second, which adds up to around $2 billion worth of assets per day.

It is not alone in being targeted, though. Hackers targeted Nomad using a cross-chain bridge in August, getting away with almost $200 million. Meanwhile, a hack saw $100 million stolen using a vulnerability in Harmony’s Horizon Bridge. The losses due to the increasingly popular cross-chain bridge hacks have piled up, reaching nearly $2 billion overall, and things show no signs of slowing down.

Tags
N/A
By Spencer Hulse Spencer Hulse has been verified by Muck Rack's editorial team

Spencer Hulse is the Editorial Director at Grit Daily. He is responsible for overseeing other editors and writers, day-to-day operations, and covering breaking news.

Read more

More GD News