The popular Binance Smart Chain (BSC) has been attacked resulting in the loss of almost $600 million worth of BNB tokens. This is one of the largest crypto hacks that took place in the last few years and the largest affecting the Binance ecosystem (some years ago, the Binance exchange was hacked for $40 million). BNB Chain has released an apology note to the community explaining the situation and how they are working to minimize losses.
$600 Million in BNB Tokens Stolen
Yesterday night, the recognized developer foobar informed on Twitter that an attacker was able to steal close to 2 million BNB tokens worth ($600 million USD at the time of the attack). Apparently, the attacker moved funds across different liquidity pools using every single bridge they could to get into safer chains. This has generated a “chaos” on the Binance Smart Chain, which was released some years ago to compete against Ethereum (ETH).
somebody on BNB just got hacked for ~2 million BNB ($600 million USD)
the attacker is spewing funds across liquidity pools and utilizing every bridge they can to get to safer chains
complete chaos on the chain
— foobar (@0xfoobar) October 6, 2022
As per the Twitter thread, the hacker was able to get a portfolio worth $532 at the time of the attack with assets on different chains, such as BNB Chain, Ethereum, Arbitrum, Optimism, Polygon, Fanton, Avalanche, and Polygon. It is worth pointing out that Tether has blacklisted the account and that other companies such as Circle could do it in the near future. This was one of the ways in which foobar confirmed the hack.
This situation pushed BNB chain to pause BSC. This is something that only centralized networks can do. Bitcoin, for example, cannot be shut down. This is why decentralization matters. This represents a difficult situation for Binance Chain. Even when they were able to stop further transactions inside the Binance Smart Chain network, it might be very difficult for blockchain analysts to find out where these funds moved, at least part of the funds.
According to BNB Chain, the vast majority of the funds remain under control. They have also mentioned that they will vote to determine four actions for the common good of BNB. These actions include freezing (or not) the funds, using the BNB auto-burn function to cover the remaining hacked funds, a program to fund bugs with $1m for each significant bug found, and a bounty for catching hackers and getting a reward of 10% of the funds.
The report released by BNB Chain reads as follows:
“Looking at the broader picture, we have seen a series of attacks on targeting vulnerabilities in cross-chain bridges. We will openly share the details of the postmortem and all lessons on how to implement more advanced security measures to shore-up these vulnerabilities.”
Furthermore, they claim that the number of validators will continue to expand in the future in order to move towards further decentralization. The Binance Smart Chain was attacked in the past due to the fact that it was considered centralized. Now, with this hack, Binance Smart Chain proves to be fully centralized despite the claims saying that the network was under the control of the community.