$570M Binance Hack: What Happened & Who Is Responsible?

Contents

Summary Of The Attack

  • In response to a cyberattack on October 4, 2022, which resulted in the theft of about two million BNB (Binance Coin) tokens, exchangeable for over $570 million in fiat currency.
  • The BSC Token Hub cross-chain bridge, which connects the BNB Beacon Chain/BEP2 and BNBChain/BEP20 chains, was exploited by the hacker.
  • As quickly as possible, the hacker started distributing some of the funds around other liquidity pools in an effort to convert the BNB into other assets.
  • Binance plans to hold on-chain governance votes to decide whether to offer a 10% bounty for finding the hacker and returning the funds and to set up a bug bounty program to award $1 million to those who report serious bugs.
.

What Happened?

In response to a cyber attack on October 4, 2022, which resulted in the theft of about two million BNB (Binance Coin) tokens, exchangeable for over $570 million, at the moment of article writing.

In order to conduct an investigation, Binance paused the BNB Smart Chain on October 6th, 2022, after acknowledging a security incident.

Binance paused the BNB Smart Chain on October 6th, 2022

Later that day, the CEO of Binance disclosed that an exploit was used in the BSC Token Hub to send BNB to the attacker, after which Binance had asked all validators to suspend the Binance Smart Chain, as well as that the issue is contained at the moment and that customers funds are safe.

What Was The Impact?

Initial estimates put the amount of money removed from the Binance Smart Chain at $100M and $110M.

However, an estimated $7M was quickly frozen owing to the community, internal teams at Binance, and outside security partners.

The breach allowed hackers to get away with approximately $570 million in digital assets, including:

  • Ethereum
  • Polygon
  • BNB Chain
  • Avalanche
  • Fantom
  • Arbitrum
  • Optimism

In the wake of the breach, BNB’s price fell by about 3.7%.

Free Security Policy Templates

Get a step ahead of your cybersecurity goals with our comprehensive templates.

IT Security Policy Templates

How The Attack Happened

BSC (Binance Smart Chain) was started out as a fork of Ethereum, which represents a protocol and decentralized blockchain.

In the world of cryptocurrencies, bridges function in a sense by locking funds on one side of the bridge and then receiving an equal amount of other funds on the other side of the bridge.

Bridges are beneficial for connecting blockchains, but because they frequently require a central storage location to lock deposited assets, they are generally seen as being less secure than base-layer networks like Bitcoin and Ethereum.

The BSC Token Hub cross-chain bridge, which connects the BNB Beacon Chain/BEP2 and BNBChain/BEP20 chains, was exploited by the hacker.

Merkle tree example

Data in smart contract blockchains are stored in trees. The Cosmos ecosystem’s AVL tree implementation is used by the Binance Bridge.

The data representation is known as the Merkle tree. Hash functions are used to validate these trees. Hashes are proven up the tree from the leaf nodes to the root.

Who owns what can be altered if someone is able to manipulate the data in leaf nodes while still producing hashes that are validated as accurate by higher-up nodes.

This suggests that someone might have been able to forge those proofs.

Who Is Responsible?

The attacker, now known as the “BNB bridge exploiter,” appears to have registered as a relayer for the BSC Token Hub bridge as the initial step in the attack so they could set up for the exploit.

The BSC Token Hub bridge was able to accept forged proof messages created by the attacker.

convert the BNB into other assets

The bridge’s failure to completely verify the Merkle tree to the root hash likely caused the problem, allowing the attacker to create forged proofs from an earlier, legitimate one and mint BNB directly to their wallet.

The attacker was able to forge proof messages that were accepted by the BSC Token Hub bridge.

The bug likely resulted from the bridge not fully verifying the Merkle tree to the root hash, which allowed the attacker to generate forged proofs from a previous, legitimate one and then mint BNB directly to their wallet.

The attack proved to be unique because the attacker did not steal existing funds, but rather minted new ones.

As quickly as possible, the hacker started distributing some of the funds around other liquidity pools in an effort to convert the BNB into other assets.

Not Binance’s First Hack

This is not Binance’s first significant hack.

The hacker stole over 7,000 bitcoins from the exchange in 2019, costing Binance almost $40 million.

Although the funds were never found, the business compensated customers for their losses.

The theft is the most recent in a string of attacks against blockchain bridges, which enable cross-blockchain transactions via so-called smart contracts.

The theft of Nomad for $191 million happened in August. Prior to that, there was the:

What Is Binance’s Response?

Binance plans to hold on-chain governance votes to decide whether to:

  • Offer a 10% bounty for finding the hacker and returning the funds.
  • Set up a bug bounty program to award $1 million to those who report serious bugs.
  • Freeze the hacked funds.
  • Use BNB auto-burn to restore the remaining hacked funds.

Cross-chain bridges have emerged as the most frequent target of ultra-high value hacks in recent years, in part because they constantly hold enormous amounts of cryptocurrency tokens.

Article by

Picture of Jason Firch, MBA
Jason Firch, MBA
Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.
Picture of Jason Firch, MBA
Jason Firch, MBA
Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.

Share This Article

Our Editorial Process

Our content goes through a rigorous approval process which is reviewed by cybersecurity experts – ensuring the quality and accuracy of information published.

Categories

The Breach Report

Our team of security researchers analyze recent cyber attacks, explain the impact, and provide actionable steps to keep you ahead of the trends.

Related Breaches