$100 Million in Cryptocurrency Gets Stolen by Hackers from Binance Bridge

BNB Chain, a blockchain connected to the Binance cryptocurrency exchange, discovered an exploit on a cross-chain bridge that led to the theft of about $100 million in digital assets.

The exploit affected BSC Token Hub, a native cross-chain bridge connecting BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), it was reported last week. The exploit was built by expertly forging a low-level proof into a single common library.

According to Changpeng Zhao, CEO of Binance, the exploit on the cross-chain bridge “resulted in excess BNB,” which led to a temporary suspension of the Binance Smart Chain (BSC).

Binance stated earlier this February that BNB, which stands for “Build and Build” (formerly known as Binance Coin), is the blockchain gas currency that “fuels” transactions on BNB Chain.

Because the weakness in the BSC Token Hub bridge allowed the unidentified threat actor to illegally generate fresh BNB tokens, no user funds are believed to have been affected.

According to blockchain security firm SlowMist, the attack entailed the withdrawal of two million BNB in two transactions, but the chain’s suspension stopped the theft of approximately $430 million in cryptocurrency.

It follows the attacks on the Axie Infinity, Harmony Horizon, and Nomad bridges as one of the most significant incidents this year to target cross-chain bridges, which enable the movement of assets between blockchains.

In August, the blockchain analytics company Chainalysis reported that 13 cross-chain bridge attacks had resulted in the theft of $2 billion in cryptocurrencies, or 69% of the total assets taken in 2022.

The development also coincides with the disclosure by cybersecurity firm Bitdefender of details about a cryptojacking campaign that used known DLL side-loading flaws in Microsoft OneDrive to establish persistence and spread cryptocurrency mining software.

In a similar development, Trend Micro disclosed that an attacker going by the name of Water Labbu attacked 45 cryptocurrency-based scam websites run by other criminals in an effort to steal victims’ money and transfer it to a wallet under their control.

“In a parasitic manner, the threat actor compromised the websites of other scammers posing as a decentralized application (DApp) and injected malicious JavaScript code into them,” the company said in an analysis last week.
