Binance Smart Chain (BSC), the blockchain behind the leading cryptocurrency exchange Binance has allegedly been exploited for $100 million. According to Changpeng Zhao, CEO of Binance, the exploit was perpetrated on the BSC Token Hub cross-chain bridge.
This BSC Token Hub cross-chain bridge is the link between BNB Beacon Chain and BNB Chain.
Consequently, Binance has placed a hold on all activities on the blockchain until investigations on the attack have been completed.
The firm is still checking to find the vulnerability and understand the extent of the attack. Binance through the Twitter handle of the BNB Chain assured the public and its users that their funds are safe. Also, the systems have been contained.
So far, the impact of the exploit is estimated to be around $100 million to about $110 million.
Through the help of its security partners and community, $7 million from the stolen fund has been frozen. Also, Binance plans to host a node upgrade although the date is yet to be disclosed.
A few of the node service providers who responded are Hash, Neptune, TW Staking, BSCScan, Legend, CertiK, Figment, and NodeReal. The likes of Namelix. Defibit, Fuji, InfStones, MathWallet, Pexmons, Ankr, BNB48 Club, Avengers, Tranchess, and Coinbase Cloud also participated.
Binance, the Latest in Cross-Chain Bridge Exploit
Notably, the coins hijacked from the protocol were not pre-existing BNB from the wallets of its users. Instead, they were BNB created by the hacker during the exploit.
Cross-chain bridge has been discovered to be the most utilized strategy that bad actors employ to carry out attacks. Since the beginning of the year, over $1 billion has been stolen through this means. In March, the Axie Infinity Ronin Bridge was hacked and about $625 million was withdrawn from the protocol.
This was the largest Decentralized Finance (DeFi) hack at that time.
In this case, cloning of secret codes gave the perpetrators access to the validators which are used to approve transactions. Likewise, the Nomad bridge was exploited in August leading to a loss of $190 million from the network. This time around, a simple copy/paste strategy was utilized.