The BNB Chain team has suspended the network amid the BSC Token Hub bridge hack. The hackers stole over $544 million worth of digital assets, but managed to withdraw only $100 million.
This reddit post contains a bit more detail.https://t.co/ENjBRvEWjT
— CZ ???? Binance (@cz_binance) October 6, 2022
“The initial estimate of the funds withdrawn from BSC is between $100 million and $110 million. However, due to the actions of the community, as well as our internal and external security partners, about $7 million has already been frozen,” a Binance spokesperson said on Reddit in a statement.
BSC Token Hub is the internal cross-chain bridge of the BNB Chain ecosystem. It enables the transfer of tokens between the BNB Beacon Chain governance blockchain and the BNB Smart Chain (BSC) consensus layer.
According to Binance CEO Changpeng Zhao, the attackers took advantage of an exploit that “led to the emergence of additional BNB.” The project team asked the validators to suspend the BSC.
The BNB Chain team has published a code update. Activation of the hard fork by validators will result in:
- blocking the attacker’s accounts;
- freezing asset transfers between BNB Beacon Chain and BNB Smart Chain.
Update???? BSC validators are coordinating to bring back BNB Smart Chain (BSC) in an hour with the latest release https://t.co/d2gIsRlGDC
It includes:
1.Stopping hacker accounts from acting1/2
— BNB Chain (@BNBCHAIN) October 7, 2022
The developers reported that after validators confirm their status, the network “works normally”. Infrastructure upgrades are ongoing.
????BNB Smart Chain (BSC) is running ok from 20+ mins ago.
The validators are confirming their status and the community infrastructure are upgrading as well.
— BNB Chain (@BNBCHAIN) October 7, 2022
Zhao stressed that “the problem is contained” and user funds “are safe.” According to BscScanat the time of writing, the network does not produce blocks.
According to DeBankthe cybercriminals’ address holds digital assets worth over $544 million — 80% of the funds (~$433 million) are in the BNB Chain network and cannot be withdrawn.
Paradigm researcher samczsun explained that a critical vulnerability in the BSC Token Hub allowed hackers to carry out a double-spend attack.
Either Binance was finally running the biggest giveaway that Web3 had ever seen, or the attacker had found a critical bug
— samczsun (@samczsun) October 6, 2022
According to SlowMist, an analytics company, the attackers financed the attack from addresses belonging to the ChangeNOW cryptocurrency exchange service. After executing the exploit, they contributed 900,000 BNB to the Venus Protocol landing page to open $147 million in overcollateralized positions.
The hacker stole a total of 2 Million BNBs in two transactions.
Then deposited 900,000 $BNB to @VenusProtocol as collateral to borrow:
~62M $BUSD
~50M $USDT
~35M $USDC pic.twitter.com/FvnA4pyqSt— SlowMist (@SlowMist_Team) October 7, 2022
The Venus Protocol team emphasized that user funds are safe. The developers explained that the hackers would either pay off the loan and liquidity would return to previous levels, or disappear with the borrowed stablecoins and positions would be “slowly liquidated.”
2/2 There are 2 options next:
*The borrower refunds hir/her loans, liquidity returns to the protocol immediately and APY drops back to normal.
*He/She doesn’t refund and disappear with the borrowed stablecoins = The account will accumulate interest and slowly get liquidated.
— Venus Protocol (@VenusProtocol) October 6, 2022
Recall that in September 2022, the market maker Wintermute lost $160 million in assets as a result of a hacker attack.
Read ForkLog bitcoin news in our Telegram – Cryptocurrency news, courses and analytics.
Found a mistake in the text? Select it and press CTRL+ENTER