Binance Hit By $570m Crypto Theft
Hackers steal $570 million of Binance BNB crypto tokens amidst soaring thefts from cross-blockchain bridges
Binance, the world’s largest cryptocurrency exchange by volume, said hackers have stolen about $570 million (£514m) from its systems, in a fresh blow to the crypto industry after months of collapsing prices.
The company initially estimated the thieves had made off with $100m to $110m, but later said hackers had taken two million of the company’s BNB tokens, with a value of about $284 each.
The hack targeted BSC Token Hub, a bridge that allows tokens to be transferred from one underlying platform – or blockchain – to another.
Due to irregular activity we’re temporarily pausing BSC. We apologize for the inconvenience and will provide further updates here.
Thank you for your patience and understanding.
— BNB Chain (@BNBCHAIN) October 6, 2022
‘Funds safe’
‘Funds safe’Binance founder and chief executive Changpeng Zhao said no customer funds had been taken.
“The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly,” Zhao said.
Binance asked the validators of BSC Token Hub to pause their work for about eight hours in order to ensure the issue was contained.
Zhao said the hackers exploited a bug that created extra BNB tokens on the network.
The hacker lied to the bridge and provided an invalid proof that was incorrectly accepted as valid by the bridge due to a bug.
The bug is somewhere in https://t.co/6LdmLWbF6u
I’m not sure what exactly the bug is right now but Sam shared one possibility – https://t.co/1FGiOuaWWg
— Mudit Gupta (@Mudit__Gupta) October 7, 2022
Crypto thefts soar
Binance and other crypto networks were able to freeze the majority of the stolen funds, with Binance saying there remained about $100m of unrecovered funds.
Attacks on cross-chain bridges have soared this year, with Elliptic estimating that about $1.83bn had been stolen from bridges in total up to August 2022, with $1.21 of that taken this year alone.
Some of those thefts include a heist of more than $600m from the Ronin bridge at Axie Infinity in March, the $190m theft from bridge provider Nomad in August and a $100m loss by California-based Harmony in June.
Bridges make attractive targets because the complexity of transferring tokens from one blockchain to another means they may contain bugs that hackers can exploit, industry watchers have said.
North Korean hackers
A number of the biggest crypto thefts, including the Axie Infinity heist, have been attributed to North Korean state-backed hackers.
Attacks on crypto exchanges are an important revenue source for North Korea, which uses the illicit funds to finance its missile programmes, according to a February United Nations report.
