It’s been a rough year for cryptocurrency, and things are not looking any better after over half a billion dollars of cryptocurrency tokens were stolen from crypto giant Binance on Thursday night.
The exploit hit the Binance Bridge, a cross-chain bridge that allows for the transfer of tokens between two related blockchains operated by the Binance cryptocurrency exchange, and collectively known as BNB Chain. According to well-known smart contract analyst samczsun, the attacker was able to forge transactions that allowed them to withdraw two million BNB tokens from the bridge, worth roughly $570 million.
Funds estimated at around $87 million were removed from the BNB ecosystem entirely, but the remaining funds could not be immediately transferred because BNB Chain took the drastic step of halting the blockchain, meaning no transactions whatsoever could be processed.
“An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB,” Binance CEO Changpeng Zhao said in a tweet posted soon after the attack. “We have asked all validators to temporarily suspend BSC [Binance Smart Chain].”
A tweet from the BNB Chain account said that the blockchain was running again as of the early hours of Friday morning. In an “ecosystem update,” the BNB Chain team apologized for the exploit and said that the project would hold a series of on-chain governance votes to determine whether to freeze the hacked funds and whether a bounty should be offered for catching the hackers responsible.
“Looking at the broader picture, we have seen a series of attacks targeting vulnerabilities in cross-chain bridges,” the blog post read. “We will openly share the details of the postmortem and all lessons on how to implement more advanced security measures to shore up these vulnerabilities.”
In recent years, cross-chain bridges have become the most common site of ultra-high value hacks, partly because they store very large sums of cryptocurrency tokens at any given time. While the earlier era of the cryptocurrency industry was characterized by frequent attacks on exchanges, exchange security has since greatly improved, and a hacker would now need to breach numerous layers of security to withdraw funds. With cryptocurrency bridges, the ability to forge one valid transaction is in some cases enough to make off with a nine-figure sum.