Binance blockchain suffers $570 million hack
Hackers have stolen around $570 million in tokens from Binance, in a rare blow to the world’s biggest crypto exchange and another dent to the troubled digital assets industry struggling to regain trust after a collapse in prices.
Binance initially estimated on Friday that tokens worth about $100 million to $110 million had been taken, pausing the operation of the affected blockchain for approximately eight hours.
However, the exchange later disclosed that the hacker had taken around 2 million of the cryptocurrency BNB, Binance’s own digital token, with a value of around $284 each. The hack targeted BSC Token Hub, a bridge between two Binance systems.
It comes at a time when digital assets are trying to recover from a credit crisis that wiped nearly two-thirds off the value of its most high-profile tokens such as bitcoin. Industry data have also indicated that theft from projects is soaring this year.
Cyber criminals had taken nearly $2 billion this year to the end of July, nearly double the total in the first seven months of last year, according to data from Chainalysis. High-profile thefts included $600 million from the blockchain behind popular crypto-gaming platform Axie Infinity. Many hacks have been traced to state-sponsored actors in North Korea.
Binance’s position as the world’s largest crypto exchange means Friday’s exploit represents a significant blow to the digital assets industry.
In a series of social media posts Changpeng Zhao, Binance’s founder and chief executive, told users: “The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.”
Binance asked the affected network’s validators, who secure the system, to pause their work. The funds were taken from BSC Token Hub, a bridge that allows customers to transfer tokens tied to one chain to another. The hack exploited a weakness that created extra BNB tokens on the network, according to Zhao.
Many of the world’s most widely used blockchains, such as Binance Smart Chain and Ethereum, run on separate technologies or use different tokens. That means investors and developers cannot easily move their tokens to a different blockchain to use or trade them elsewhere.
Binance estimated that about $7 million of the tokens had been frozen by the crypto community and its security operations.
Binance Smart Chain allows the world’s largest crypto exchange to open its doors to let developers build applications that use smart contracts, based on Binance’s own token. Binance launched the new chain in September 2020, at a time when the crypto industry was seeing widespread interest in decentralized finance projects.
© 2022 The Financial Times Ltd. All rights reserved Not to be redistributed, copied, or modified in any way.
https://arstechnica.com/?p=1887987