Binance Smart Chain, the blockchain of the world’s largest cryptocurrency exchange, was suspended on Oct. 6 due to “irregular activity” on the network that resulted in the loss of 2 million BNB, nearly $600M, according to on-chain data provided by sources on the popular social media platform Twitter.
Blockchain security firm SlowMist reported that the initial funding for the exploit of the BNB bridge (Binance Token Hub) came through ChangeNOW, a non-custodial instant cryptocurrency exchange.
The exploiter stole a total of 2 million BNB in two transactions and deposited nearly $260M in Venus Protocol, a decentralized lending protocol on BSC, before spreading the funds across multiple dApps to launder them on more censorship-resistant blockchains.
With transactions on BSC temporarily halted, the exploiter has over $400M stuck on the network. Binance’s CEO reported the current impact estimate to be around $100M; the exploiter succeeded in moving the funds off BNB Chain through EVM-compatible chains and L2s before the halt.
Samczsun, a researcher at Paradigm, posted a 21-part thread on Twitter aimed at unravelling how the exploiter was able to “convince” the BNB cross-chain bridge to transfer 1M BNB to them. Twice.
He concluded that the fons et origo of the unprecedented exploit is most likely a critical bug in the BNB Chain bridge, adding that the damage could have been worse.
Meanwhile, Tether has blacklisted the exploiter’s $4.7M USDT address.
It is still unclear at this time how the exploit was carried out; however, Binance CEO Changpeng Zhao says the issue is contained and user funds are safe.