BNB Chain Halts After ‘Potential Exploit’, BNB Chain was forced to hit the brakes on Thursday after the blockchain with ties to the world’s largest crypto exchange by volume suffered what it called a “potential exploit” that on-chain evidence suggested could have targeted hundreds of millions of dollars in crypto.
BNB Chain is composed of BNB Beacon Chain and BNB Smart Chain (BSC).
“Due to irregular activity we’re temporarily pausing BSC,” BNB Chain tweeted from its official account, later confirming that the activity was a “potential exploit” that it characterized as contained. An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.— CZ 🔶 Binance (@cz_binance) October 6, 2022
Initial token movements suggested that up to 2 million BSC tokens, worth roughly $570 million, were targeted by an attacker late Thursday, but Binance CEO Changpeng Zhao estimated in a tweet the attacker was only able to get away with $100 million of that. BNB Chain also tweeted that $7 million of that amount was already frozen.
That such a small (comparatively speaking) sum of assets were stolen underscored the upside of BNB’s gamble to halt the chain rather than risk more assets escaping. Blockchains are purportedly decentralized beasts designed to operate beyond the whim of singular entities. You aren’t supposed to just flip an off switch.
BSC confirmed that it coordinated a shutdown of the chain after spotting issues with the BSC Token Hub protocol crypto near its peak, the clearinghouse for crypto transactions moving between the Binance-linked blockchain’s interlocking parts. It thanked validators for moving quickly.
“We are humbled by the speed and collaboration from the community to freeze funds,” one tweet read.
The chain has since come back online since then and BNB Chain announced that it will hold a series of on-chain governance votes that will decide whether the hacked funds should be frozen. There will also be a vote on a bug bounty reward system to prevent future hacks from happening.
The specter of an attack rocked BSC’s native BNB token, which after a sleepy day of trading dipped to $280.40 from $293.10, according to CoinMarketCap, which Binance owns.
On-chain data shows that this afternoon two massive withdrawals of 1 million BSC tokens from BSC token hub by an attacker that nabbed crypto assets with cross-chains swaps, bridges, and borrows. Regardless, BNB’s Twitter promised “all funds are safe” and said it will “help freeze any transfers.”
Twitter sleuths point out that Tether – the largest stablecoin provider – has blacklisted the offending address, suggesting that the firm suspects the movement of tokens was the result of an attack rather than something more benign.