How did Hackers steal More than $500 Million(approx. 2 Million BNB Tokens )? Explained

The BNB Chain had to stop all transactions due to an exploit. According to the BNB chain team: “There was an exploit affecting the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as “BSC Token Hub.” A total of 2 million BNB was withdrawn”. Based on the present token’s present market value, that is approximately $564 million.

The BNB chain team promised to provide more details once a thorough postmortem has been done.

Samczsun, a prolific crypto security researcher, enumerated in his tweet his finding on how the hack happened:

ZachXBT, a fellow researcher sent him the attacker’s address out of the blue. He saw an account with hundreds of millions of dollars. He surmised that there is a huge rug pull or massive hack underway.
His first thought was that the Venus Protocol was hacked again, but he quickly determined that the attacker really deposited $200 million. He knew he needed to determine the source of the money.
He concluded that the hacker simply convinced the Binance Bridge to send them 1 million BNB – twice.
He provided a lengthy technical explanation on how it happened. In a nutshell, the hackers exploited a bug in how the Binance Bridge verifies proofs which could have allowed them to forge arbitrary messages.
fortunately, the attackers were only able to do this twice.

Objective speaking the BNB chain team was able to quickly contain the situation. They contacted community validators one by one and asked them to temporarily stop all transactions.

Five hours ago, an attacker stole 2 million BNB (~$566M USD) from the Binance Bridge. During that time, I've been working closely with multiple parties to triage and resolve this issue. Here's how it all went down. pic.twitter.com/E0885Dc3lW
— samczsun (@samczsun) October 6, 2022

Binance founder and CEO Changpeng Zhao, popularly known as CZ, was also quick to dispel doubts by informing the public about what happened. He tweeted his apologies for the incident and gave assurance that the funds are safe.

An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.
— CZ 🔶 Binance (@cz_binance) October 6, 2022

The Crypto space is not new to such exploits, but negative news in the middle of a bear market will affect the already shaky confidence of investors. But we have to remember that even banks and traditional finance, which have been around for longer periods, are not 100% safe from attacks.

The quick actions and transparency of the BNB chain team is a step in the right direction. The price actions of BNB and crypto, in general, were not as bad as one would expect when a big hack happens. This is a good sign that the space is maturing.

We will provide updates when they become available.

[i] https://www.bnbchain.org/en/blog/bnb-chain-ecosystem-update/