Binance Chain Temporarily Suspends Operations After Hack
BNB Chain temporarily suspended it's operations today after suffering an overnight hack that led to the loss of over $100 million.
Hackers attempted to steal $560 million worth of BNB from the BSC Token Hub (a bridge between the network’s chains). About $100 – $130 million were successfully transferred to other chains.
The BNB Chain got shut down for maintenance after the exploit, per an announcement from the company’s CEO, Changpeng ‘CZ’ Zhao. He stated that during the downtime there will be an investigation on the attack.
Later on, the team conducting the investigation shared that the network has restarted and is now fully functional, with the blockchain’s validators having resumed operations.
Weakness in BSC Token Hub
As security specialist “samczsun” reflected, the exploit occurred due to a bug in the bridge that allowed the attacker to forge security evidence. In a tweet, he explained that the incident could have been much more serious.
The BSC Token Hub is a bridge that allows assets to move between different blockchain protocols. When a user sends assets from one blockchain to another, the bridge locks the assets and produces a wrapped version of the funds in the target chain.
After the incident, the team turned off its validators – to completely shut down the network – while it investigates. The shutdown was also an attempt to stop the attacker and salvage the stolen funds. The idea was to potentially seize the funds that remained in the network which the attacker had not yet transferred to other chains.
READ MORE: China Explores Blockchain Technology For Trading Energy
$127 million of the exploited amount was sent from the bridge to other chains, including Ethereum, Arbitrum, Phantom, Polygon and Avalanche, according to data from security firm Slow Mist. You can see the funds’ transfer activity in the chart below.
Nearly $429 million has remained in the BNB Chain. While it has not yet been confirmed whether the team has frozen these funds, this seems to be the more likely outcome.
“Because BNB Chain has suspended its services, the hacker cannot currently move the $429 million into BNB’s network“, according to SlowMist.