The crypto community is in shock as the global cryptocurrency exchange Binance’s BNB chain and Binance Smart Chain (BSC) gets halted after having determined a potential exploit worth $100 million.
Initially, the official Twitter account of the BNB chain hinted at an irregular activity which resulted in the temporary pause of the chain, but later it was confirmed to be a potential exploit.
Binance CEO Chanpeng Zhao aka CZ updated the community about the exploit by saying the event occurred at the BSC Token Hub, the bridge between BNB Beacon Chain (BEP2) and BNB Chain (BEP20 or BSC), which resulted in extra BNB tokens.
The BNB tokens were not pre-existing tokens stolen from wallets, but instead wholly created by the hacker. CZ assured the community the funds are safe and the team is currently investigating the vulnerability.
BNB Chain later misinformed the initial estimates for funds taken off BSC are between $100M to $110M. “However, thanks to the community and our internal and external security partners, an estimated $7M has already been frozen,” the chain noted.
The BNB Chain is currently under maintenance and the exchange has halted all deposits and withdrawals via the BNB chain for the time being until there are further updates.
Blockchain security analytics firm Peckshield reported the hackers exploited about two million BNB from the token hub, approximately $600 million.
Before the formal disclosures by the exchange, the community conducted an initial on-chain analysis that revealed the hacker used the token hub to claim a reward of one million BNB before putting the remaining funds into the DeFi lending platform Venus Protocol.
They subsequently borrowed stablecoins worth $150 million distributed over USDC, USDT, and BUSD using cross-chain bridges to swap the tokens for Ethereum, PHM tokens, and MATIC before the BNB Chain got halted.
Meanwhile, Venus Protocol stated it experienced no exploit and all the funds are safe. The protocol added the hacker has used the Venus platform to open an overcollateralized position of around $254M and borrow around $147.5M against 900K BNB tokens deposited.
Venus noted if the borrower refunds their loans, then liquidity returns to the protocol immediately, and APY drops back to normal.
If they don’t refund and disappear with the borrowed stablecoins, the account will accumulate interest and slowly get liquidated.
Currently, the BSC validators are coordinating to bring back BSC in an hour with the latest version. BSC v1.1.15 is a hot fix and hard-fork release and the hard-fork height is 21962149.
In this node version, several blacklist addresses are prohibited for further transactions due to the exploit. The team asks all node runners to try to upgrade to the new version.
Native cross-chain communication between BNB Beacon Chain and BNB Smart Chain is disabled right now. If the users really do cross-chain transfers, their tokens will be frozen and released after the resume of relayers.
The BNB Chain team stated, “Validators and communities will discuss further upgrades to fully resolve the situation.”
The Binance CEO requested the community to give the developers more time to fully understand the root cause, implement the fixes, test them thoroughly, and then resume the chain.
“Let’s not rush it now. Thank you for your understanding, patience, and support,” CZ added.
The BNB chain exploit is one of the biggest high-profile hacks that happened recently and the hackers are getting more comfortable with their wrongdoings as time passes by. Last month we witnessed Wintermute’s $160 Million Hack which could allegedly be an insider job, per the latest reports.
Also Read: NFT Artist Beeple Warns Users of Hacked Discord URLs
