Binance-linked blockchain suffers $570 million hack
No user funds were lost, according to the company
The cryptocurrency trading platform Binance, which bills itself as the world's largest crypto exchange by trading volume, has become the latest crypto business to fall victim to a major theft this year.
The firm said on Friday that hackers attacked a blockchain connected to Binance and stole two million Binance coin (BNB) cryptocurrency, valued at around $570 million.
BNB is the official exchange token of the Binance crypto exchange. It was first launched on the Ethereum blockchain before being moved to the Binance Smart Chain, now referred to as the BNB Chain. The BNB Chain is made up of the BNB Smart Chain (BSC) and the BNB Beacon Chain.
BNB Chain said the bulk of the BNB that the hacker stole stayed in the thief's digital wallet address, while about $100 million worth was "unrecovered".
No user funds were lost, it added.
BNB Chain contacted each of the chain's validators to "stop the incident from spreading." Validators confirm whether transactions on the blockchain are authentic.
According to the firm, there are 44 validators across different time zones.
Earlier on Thursday morning, Binance tweeted that its blockchain network had been temporarily suspended "due to irregular activities."
Initial tweets from Binance CEO Changpeng Zhao indicated that a theft of cryptocurrency valued at $100 million had occurred.
"Your funds are safe," Zhao tweeted on Thursday night. "We apologize for the inconvenience."
To carry out the hack, the attackers targeted a cross-chain bridge, software that enables crypto tokens to move between different blockchains.
The attackers sent themselves one million BNB tokens twice in succession by taking advantage of a weakness in the Binance Bridge. Because of a bug in the smart contract, the thieves were able to forge transactions and move money to their own wallets.
According to blockchain research company Elliptic, large cryptocurrency reserves are enticing hackers and making blockchain bridges attractive targets for heists.
As of August 2022, around $1.83 billion has been stolen from bridges, the bulk of which ($1.21 billion) has happened this year alone, according to Elliptic.
Some of the biggest thefts this year include the more than $600 million breach of the Ronin bridge at Axie Infinity in March, the $190 million theft from cryptocurrency bridge provider Nomad in August, and the $100 million loss to California-based firm Harmony in June.
The BNB blockchain was down for nearly nine hours due to the latest attack. Since then, BNB Chain has resumed operations.
"The worrying thing about this is that Binance are not fools, Binance have got capital, resources and are able to hire the best," Paddy Cerri, chief architect at blockchain startup Minima, told Bloomberg.
"If they can't do this, who exactly can build a secure bridge?"
The complexity of bridges is one of the major challenges in building them securely, according to experts.
Bridge developers need an in-depth understanding not just of how the software works, but also of how each of the blockchains it links operates.
"I have studied distributed computing and consensus and yet I must say I don't understand bridges well," said Paul Frambot, chief executive officer of crypto startup Morpho Labs, which developed a new protocol.
"This is very hard to understand well and so even harder to build secure ones."
BNB Chain has said that it will increase the total number of validators and implement a whole new "governance mechanism" to protect itself from future attacks.