Key takeaways:
- BNB Chain’s token bridge was hacked for $560 million worth of BNB
- Binance Smart Chain was temporarily halted and a series of hotfixes was implemented following the attack
- Hackers were able to take off with $100M – $110M worth of digital assets
Attackers exploited a vulnerability in BSC Token Hub
On Thursday, a blockchain bridge connecting BNB Smart Chain and BNB Beacon Chain was exploited for 2 million BNB (roughly $560 million at current market rates).
According to a blog post shared by the BNB Chain team earlier today, an attacker, or a group of attackers, found an exploit in the cross-chain bridge called BSC Token Hub. Binance CEO Changpeng “CZ” Zhao first informed the broader community about the unfortunate event via a Twitter post earlier in the day.
Out of the total amount of funds stolen, between $100 million and $110 million was taken off chain, while the remaining hacked funds are still on BSC, awaiting a governance vote that will decide whether they will be frozen or not.
Following a shutdown and a series of quick updates approved by BSC validators, BNB Chain was back online earlier today at around 6:30 AM UTC.
BSC validators restarted the blockchain with several hotfixes
In response to the largest hack in BSC’s history, a software update was quickly pushed to fix the code that allowed attackers to carry out the multi-million-dollar attack. In our limited technical knowledge, it is worth noting that the update doesn’t seem to address the root issue but rather aims to prevent a similar thing from happening until a more comprehensive solution is implemented.
According to a post made by the BNB Chain team, the most recent software release includes a fix that prevents hacker accounts from acting. In addition, the cross-chain communication between BNB Beacon Chain and BSC has been disabled.
In the coming days, the BSC community will vote on a series of proposals, including how to reimburse hacked funds, whether to implement a $1 million bounty for those who find bugs in the future, and how big of a bounty to put on hackers (up to 10% of recovered funds, per the team).