Crypto exchange Binance announced that hackers accessed about $570 million of its cryptocurrency this week. The hack was first made public on October 6 through a Reddit post where the world’s largest cryptocurrency exchange explained that a cross-chain bridge linking BNB Beacon Chain (BEP2) with its BNB Smart Chain (BEP20 or BSC) was exploited, enabling the hackers to cart away a significant volume of its BNB token.
Cross-chain bridges are smart contracts that allow the automatic transfer of digital assets across connected blockchains. Per the company, a bug in the bridge’s smart contract allowed hackers to forge transactions. They were then able to send money back to their crypto wallet.
According to a release by Binance’s BNB Chain Team, the hackers drained about 2 million BNB tokens in total. Company officials were able to minimize the losses and got them under $100 million. “Thanks to the assistance of all the security experts, projects, and validators, the vast majority of the funds remain under control,” the post read.
The transactions could not be stopped at once: Binance explained that the closure of the decentralized chains was delayed due to the number of validators on its BNB Smart Chain. Per the post, BNB Smart Chain has 26 active validators at present and 44 validators in total, all in different time zones. Validators are software developers who verify transactions on a blockchain network and ensure crypto assets go to the intended destination. To speed up its response time in case of possible recurrence, the company said it is working to increase the number of validators.
On October 7, CEO Changpeng Zhao took to Twitter to assure users that the issue had been “contained.” “Your funds are safe,” he said, promising to provide further updates as they come.
In response to the theft, Binance suspended all transactions on its blockchain network. That would, however, not be for long as the company promises to “move towards further decentralization.” Decentralization, Binance believes, is an essential part of Web3’s future.
The incident had a quick effect on the value of BNB as it had already dropped by more than 3% by the morning of October 7, according to CoinMarketCap.
This is the latest theft of funds through crypto bridges this year; blockchain analytics firm Chainalysis estimated that about $1.9 billion worth of cryptocurrency was lost to hacks from January through July. Wormhole, a popular bridge linking the Ethereum and Solana blockchains, lost about $320 million in a February hack. After that, a record $615 million was stolen from Axie Infinity’s Ronin Network after a security breach in March. A more recent case was in August, when hackers exploited a flaw in an upgrade to the cross-chain bridge Nomad. Almost $200 million worth of cryptocurrency was siphoned off.
As Binance moves to overcome the situation, it will be conducting on-chain governance votes to determine some actions. Two of the proposed measures are targeted at the hackers responsible for the theft. First, a decision will be made on whether to freeze the hacked funds or not. Also, the company is looking to set up a bounty for catching the hackers responsible, with up to 10% of the recovered funds to be offered as a reward.
In a bid to completely eliminate the losses, the company will also consider using its BNB Auto-Burn to cover the rest of the hacked funds. The Auto-Burn system is a mechanism used to regulate BNB’s circulating supply and limit it to a total of $100 million BNB.
To avoid future occurrences of such attacks, a Whitehat program to detect bugs could be put in place, with up to $1 million up for grabs for the discovery of each significant bug.
Ahead of the decisions, the company said it is trying to investigate the cause of the hack and will share lessons on more advanced security measures to close up vulnerabilities on its network. It also promised to introduce a new on-chain governance mechanism on its BNB Chain to stand as a defense against possible attacks in the future.