Binance, the world's largest crypto exchange, had $570 million worth of tokens stolen after hackers found an exploit in the Binance Smart Chain. The company went as far as temporarily halting all trading on its exchange in reaction to the theft, but has since resumed trading.
CNBC reports that hackers made off with 2 million Binance Coins, or BNB, about $570 million in value. Binance initially reported that only $100 million worth of tokens were stolen but later confirmed the larger amount on its blog after an internal investigation.
Binance CEO Changpeng Zhao took to Twitter to explain that "an exploit on the cross-chain bridge, BSC Token Hub, resulted in extra BNB." A bridge acts as a go-between so that you can transfer assets from one blockchain to another. Hackers used this exploit to forge transactions, essentially tricking the bridge into moving tokens off-network and into their digital wallets.
Binance worked with several network validators (people or groups who validate transactions on the blockchain) to halt the creation of new blocks and to pause all transactions while the company looked into the security breach.
Zhao said the issue is "contained now" and that "your funds are safe."
An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.October 6, 2022
Binance told CNBC that most of the stolen tokens are still in the hacker's wallet and that $100 million was "unrecovered."
Binance says it will be holding an "on-chain governance vote" among validators in the next few days to address issues after the attack, like whether to freeze hacked funds or start a bounty program for catching bugs and hackers. Binance plans to share more information about how it plans to defend its blockchain from future cross-chain bridge attacks. The last time we saw a crypto heist this brazen was in 2021, when someone stole over $600 million in cryptocurrency from the Poly Network and weirdly ended up giving back half of it.
