As the blockchain and cryptocurrency industry grows, it increasingly becomes the target of larger and bolder attacks shaking the community, with the most recent one directed at the BNB Smart Chain (BSC).
Specifically, the hackers targeted BCS’s cross-chain bridge BSC Token Hub – the bridge between BNB Beacon Chain (BEP2) and BNBChain (BEP20 or BSC) – resulting in the suspension of operations on the entire chain, as the CEO of Binance Changpeng Zhao explained on October 7.
At roughly the same time, the suspension was also announced at the BNB Chain’s own Twitter account, which stated that:
Picks for you
“Due to irregular activity we’re temporarily pausing BSC. We apologize for the inconvenience and will provide further updates here. Thank you for your patience and understanding.”
Scope of the attack on BSC
According to the estimates by the blockchain security and analytics company PeckShield, the losses could be estimated to around $580 million:
“The total stolen funds from BSC TokenHub Exploiter are 2M BNB (~586M loss), and here comes the ~$89.5m stolen funds that have been moved off-chains to others (~58% to Ethereum, ~33% to Fantom and ~4.5% to Arbitrum).”
In the meantime, similar information was shared by blockchain security firm SlowMist, which stated that:
However, according to the BNB Chain’s Reddit account, “initial estimates for funds taken off BSC are between $100M and $110M. However, thanks to the community and our internal and external security partners, an estimated $7 million has already been frozen.”
The blockchain’s infrastructure at the moment seems to be back in full operation, as confirmed by BNB Chain on Twitter:
How it all happened
Around the same time, samczsun, the research partner at crypto investment firm Paradigm, explained in a series of tweets how the hack was carried out. According to him, “the attacker had somehow convinced the Binance Bridge to simply send them 1,000,000 BNB. Twice.”
The dead giveaways, as samczsun said, were the suspiciously low withdrawal amounts, as well as the length of the attacker’s proof, which “was significantly shorter that the legitimate withdrawal’s proof,” which lead him to believe “that the attacker had found a way to forge a proof for that specific block.”
After explaining all the technical details of the hack, the analyst concluded that:
“In summary, there was a bug in the way that the Binance Bridge verified proofs which could have allowed attackers to forge arbitrary messages. Fortunately, the attacker here only forged two messages, but the damage could have been far worse.”
BNB social engagements soar as price plummets
Meanwhile, the hack seems to have caused a spike in Binance Coin (BNB) social engagements, which soared up to 27.26 million or 198.8% upon the news of the exploit, according to the data and chart published by the crypto social intelligence platform LunarCrush.
That said, the price of BNB currently stands at $285.20, down 3.04% on the day, as well as losing 0.56% across the previous week. The market cap of the fifth largest cryptocurrency by this indicator is $46.01 billion, according to CoinMarketCap data.
Disclaimer: The content on this site should not be considered investment advice. Investing is speculative. When investing, your capital is at risk.