Criminals were able to exploit a flaw in Binance Bridge and tried to get away with at least $100 million in cryptocurrencies, the company has admitted.
Binance Bridge is a cross-chain platform that allows cryptocurrency users to exchange tokens from one chain (for example, Ethereum), to another (for example, Binance Chain). The bridges are often riddled with flaws, and as such are a major target for cybercriminals. Some of the biggest crypto heists came as a result of an exploited bridge (think Ronin bridge, Wormhole, Harmony, and others). In fact, blockchain analysis firm Chainalysis recently said that more than $2 billion were stolen in bridge hacks, this year alone.
Creating tokens out of thin air
In this particular instance, the attacker did not steal anyone’s tokens but rather discovered a flaw that allowed them to create additional tokens out of thin air. In a Reddit post published late last night, Binance representatives explained that someone abused an exploit on a cross-chain bridge, BSC Token Hub, “which resulted in extra BNB”.
“We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly,” the announcement reads.
Binance moved in to pause the entire chain until the issue was resolved, while Tether blacklisted the account.
However the jury is still out on exactly how much money was taken, and where it ended up. While Binance’s Reddit post claims anywhere between $100M and $110M, a DeFi developer going under the pseudonym “foobar” claims the figure is closer to 2 million BNB – or $600 million.
“Thanks to the community and our internal and external security partners, an estimated $7M has already been frozen,” the Reddit post concludes. While Binance’s speed at tackling the issue is commendable, it raised the question of the chain’s decentralization among many cryptocurrency users.