A blockchain developer claimed to have found one of the biggest hacks of all time when a hacker reportedly managed to steal $566 million worth of Binance Coins.
The attacker seems to have started at 2:30 PM EST, stealing one million Binance Coins (BNB) twice, according to BleepingComputer. The hacker then began spreading the funds across liquidity pools in an attempt to launder the digital assets.
The incident was acknowledged by Binance at 6:19 EST and they claimed that they had paused the BNB Smart Chain as they investigated the theft. Changpeng Zhao, the CEO of Binance, said that an exploit in the BNB Smart Chain Token Hub was used to transfer the BNB to the attacker and that validators had suspended the smart chain.
Did The Hacker Steal From Other Accounts?
The Binance CEO said that the funds were safe and apologized for the inconvenience. It seems contradictory since over half a billion worth of coins were stolen, but this is the case regardless.
As mentioned in Decrypt by Sam Sun, a researcher at cryptocurrency liquidity network Paradigm, the hacker convinced the Binance Bridge to send out a million BNB tokens and then did the same thing twice when proven to be successful. In other terms, the hacker created fake assets which he then tried transferring off-chain.
The attacker is bridging the funds away from BSC and putting them in Ethereum, Fantom, and Abitrum blockchains.
Though, a Redditor said that the huge sum could be diluting the value of the other coins, so in a way, the hacker is actually stealing from everyone.
In the same thread, someone else countered the statement by saying that BNB has a burn mechanism that burns four times each time and that the biggest damage is the loss of trust in the Binance Bridge.
This also brings up the subject of BNB validators being closely centralized with Binance.
What is Being Done to Resolve the Incident?
In addition to asking all validators to suspend the BNB Smart Chain, they have claimed that the majority of the stolen funds were still in the BNB Smart Chain.
However, this means that some were already taken off-chain. An estimate of $70 million to $80 million is still accessible to the hacker, but $7 million worth of the off-chain assets were already frozen.
The Binance CEO said that the initial estimates for funds taken off the Binance Smart Chain are between $100M - $110M
According to u/DardaniaBNB, the quick response from node service providers helped a lot. Hash, Neptune, TW Staking, BSCScan, Legend, CertiK, Figment, NodeReal, Namelix, Defibit, Fuji, InfStones, MathWallet, Pexmons, Ankr, BNB48 Club, Avengers, Tranchess, and Coinbase Cloud were among those who helped.
The Effects of the Hack
Even if they tagged the incident as irregular activity, the news had already done some damage. As the news broke and spread like wildfire, the price of BNB fell 3.7%. It doesn't help that there have already been rumors on Twitter that the hack was an inside job and the BNB was stolen from a smart contract, as mentioned in beincrypto.com.