Binance blockchain suffers $570mn hack
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
Hackers have stolen around $570mn in tokens from Binance, in a rare blow to the world’s biggest crypto exchange and another dent to the troubled digital assets industry struggling to regain trust after a collapse in prices.
Binance initially estimated on Friday that tokens worth about $100mn to $110mn had been taken, pausing the operation of the affected blockchain for approximately eight hours.
However, the exchange later disclosed that the hacker had taken around two million of the cryptocurrency BNB, Binance’s own digital token, with a value of around $284 each. The hack targeted BSC Token Hub, a bridge between two Binance systems.
It comes at a time when digital assets are trying to recover from a credit crisis that wiped nearly two-thirds off the value of its most high-profile tokens such as bitcoin. Industry data have also indicated that theft from projects is soaring this year.
Cyber criminals had taken nearly $2bn this year to the end of July, nearly double the total in the first seven months of last year, according to data from Chainalysis. High-profile thefts included $600mn from the blockchain behind popular crypto-gaming platform Axie Infinity. Many hacks have been traced to state-sponsored actors in North Korea.
Binance’s position as the world’s largest crypto exchange means Friday’s exploit represents a significant blow to the digital assets industry.
In a series of social media posts Changpeng Zhao, Binance’s founder and chief executive, told users: “The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.”
Binance asked the affected network’s validators, who secure the system, to pause their work. The funds were taken from BSC Token Hub, a bridge that allows customers to transfer tokens tied to one chain to another. The hack exploited a weakness that created extra BNB tokens on the network, according to Zhao.
Many of the world’s most widely used blockchains, such as Binance Smart Chain and Ethereum, run on separate technologies or use different tokens. That means investors and developers cannot easily move their tokens to a different blockchain to use or trade them elsewhere.
Binance’s security team and other crypto network operators have steadily been freezing the stolen assets. By Friday afternoon a Binance spokesperson said there was around $100mn of unrecovered funds.
Binance Smart Chain allows the world’s largest crypto exchange to open its doors to let developers build applications that use smart contracts, based on Binance’s own token. Binance launched the new chain in September 2020, at a time when the crypto industry was seeing widespread interest in decentralised finance projects.
Letter in response to this article: