Binance Network Suffers $560 Million Code Exploit

An exploit of a bug in the Binance-run blockchain network, BNB Chain, allowed a hacker to ‘trick’ the BNB Chain’s BSC Token Hub bridge into sending them roughly US$560 million worth of BNB tokens. This incident renewed concerns involving the security of cross-chain bridges.

The Binance team responded by suspending activity made on the Binance blockchain, freezing a majority of the stolen assets. It’s estimated that the hacker made off with roughly US$100 million worth of assets on other chains.

Within a day of suspension, BNB Chain tweeted that the bridge was up and running again:

📢BNB Smart Chain (BSC) is running ok from 20+ mins ago.

The validators are confirming their status and the community infrastructure are upgrading as well.

— BNB Chain (@BNBCHAIN) October 7, 2022

In the days following the hack, the price of BNB fell by 5-7%.

Investor funds safe, extra BNB created

BNB Chain is not the first cross-chain bridge to experience a major hack — around $US$625 million worth of WETH and USDC was drained from Ronin earlier in 2022, considered one of the biggest hacks in the history of crypto. 

As the BNB Chain hack was revealed, Binance CEO Changpeng ‘CZ’ Zhao quickly moved to reassure users, tweeting that funds were safe:

An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.

— CZ 🔶 BNB (@cz_binance) October 6, 2022

The ‘extra’ BNB were essentially created from nothing, through an exploit of the bridge’s code.

A detailed analysis tweeted by security expert @samczsun explains how the hack may have been carried out, summarising by saying, “there was a bug in the way that the Binance bridge verified proofs which could have allowed attackers to forge arbitrary messages.”  

Five hours ago, an attacker stole 2 million BNB (~$566M USD) from the Binance Bridge. During that time, I've been working closely with multiple parties to triage and resolve this issue. Here's how it all went down. pic.twitter.com/E0885Dc3lW

— samczsun (@samczsun) October 6, 2022

Next Steps: On-Chain Governance Vote

BNB Chain has said governance votes will determine how to approach the next steps in relation to whether to freeze the hacked funds, whether to use BNB Auto-Burn to cover the remaining hacked funds, and how to deliver a Whitehat program to find future bugs and reward hackers with bounties.

The platform also committed to contributing to a broader conversation about the vulnerabilities in cross-chain bridges, stating:

“We will openly share the details of the postmortem and all lessons on how to implement more advanced security measures to shore-up these vulnerabilities.”

BNB Chain