Criminals were able to exploit a loophole in Binance Bridge and tried to get away with at least €100 million worth of crypto, the company admitted.
Binance Bridge is a cross-chain platform that allows crypto users to trade tokens from one chain (eg Ethereum) to another (eg Binance Chain). Bridges are often riddled with flaws and as such are a major target for cybercriminals. Some of the biggest thefts in crypto have come as a result of an exploited bridge (think Ronin Bridge, Wormhole, Harmony, and others). In fact, blockchain analytics firm Chainalysis recently reported that more than €2 billion was stolen in bridge hacks this year alone.
Create tabs from scratch
In this particular case, the attacker did not steal anyone's tokens, but instead discovered a flaw that allowed him to create additional tokens out of thin air. In a Reddit post last night, Binance representatives explained that someone abused an exploit on a cross-chain bridge, BSC Token Hub, “resulting in additional BNB.”
“We have asked all validators to temporarily suspend the BSC. The problem is now contained. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly," the announcement read.
Binance stepped in to suspend the entire chain until the issue was resolved, while Tether blacklisted the account.
However, the jury is still out on exactly how much money was taken and where it ended up. While Binance's Reddit post claims between €100-110 million, a DeFi developer calling himself “foobar” claims the figure is closer to 2 million BNB, or €600 million.
"Thanks to the community and our internal and external security partners, approximately €7 million has already been frozen," the Reddit post concludes. While the speed with which Binance is tackling the issue is commendable, it has raised the issue of decentralization of the chain among many cryptocurrency users.
Via: BleepingComputer (Opens in a new tab)