Binance Smart Chain Faces Exploit Losing $100 Million Worth of Coins, Suspends Services

On Thursday, October 6, the Binance Smart Chain faced a major exploit, with more than $100 million worth of BNB tokens stolen in a cross-chain bridge attack. According to the initial investigative report, the attack targeted the cross-chain bridge connecting BNB Beacon Chain (BEP2) and BNB Chain (BEP20 or BSC).


Soon after, Binance Smart Chain decided to pause its service, with founder Changpeng Zhao stating that the attack has been “contained now”. “An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB,” he added.


The official Reddit handle of the Binance Smart Chain (BSC) noted: “We want to confirm that we coordinated with validators to temporarily suspend BNB Smart Chain (BSC) after having determined an exploit on a cross-chain bridge, BSC Token Hub, which resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.”


Initial estimates put the funds taken from BSC at somewhere between $100M and $110M. With the help of its internal and external security partners, BSC has managed to freeze $7 million worth of funds.


Binance further stated that a “total of 2 million BNB was withdrawn”. The hackers managed to breach the bridge through a low-level proof into one common library. With the help of “security experts, projects, and validators,” a vast majority of the funds have remained under control.


Binance said that it will soon introduce a new on-chain governance on the BNB Chain to fight and defend against possible future attacks. It further added: “Looking at the broader picture, we have seen a series of attacks targeting vulnerabilities in cross-chain bridges. We will openly share the details of the postmortem and all lessons on how to implement more advanced security measures to shore up these vulnerabilities.”


Cross-chain bridge exploits have become very common. Since the beginning of 2022, more than $1 billion has been lost in bridge exploits. At the beginning of 2022, the Ronin Network Bridge hack drained more than $625 million in ETH and USDC. Similarly, $100 million was taken from Horizon Bridge, and $190 million was taken from the Nomad Bridge in August 2022.