BNB Chain, the network which powers BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), has resumed operations following an attack on its cross-chain bridge, BSC Token Hub, draining around $100 to $110 million in cryptocurrencies.
BNB Chain Temporarily Suspends Transactions
Transactions on the chain were suspended on Thursday at around 9:19 pm EDT after hackers exploited a potential bug found in its BSC Token Hub, which allows the movement of assets and data between BEP2 and BEP20 contracts. The attacker specifically targeted BEP20, linked to the world’s leading centralized exchange, Binance, causing anomalies in the network that resulted in more BNB.
Acknowledging the attack on Twitter, Binance CEO Changpeng Zhao (CZ) noted that the team had requested all the network validators to suspend BSC operations temporarily.
An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.
— CZ ???? Binance (@cz_binance) October 6, 2022
Hackers Steal Two Million BNB
In an announcement with a detailed update on the hack, the cybercriminals manipulated the system through a “sophisticated forging of the low-level proof into one common library.” The exploit allowed the hackers to steal two million BNB.
The BNB team noted that decentralized chains were not designed to be stopped. However, it was able to mitigate the attack by seeking help from community validators.
“It was not that easy as BNB Smart Chain has 26 active validators at present and 44 in total in different time zones. This delayed closure, but we were able to minimize the loss.”
With the combined efforts of security experts, validators, and other crypto projects, the BNB Chain team recovered most of the stolen assets.
The team also said there would be an on-chain governance vote to determine its next move regarding the exploits.
As a Decentralized Autonomous Organization (DAO) enabled network, the BNB Chain community will vote on the following proposals: what to do with the hacked funds and whether to use BNB Auto-Burn to cover the remaining hacked funds. The team also proposed introducing a white hat program for future bugs found with a $1M bounty for each significant.
