Enlarge image
Binance logo: The incident is embarrassing for the company
Photo: Darrin Zammit Lupi/ REUTERS
Disgrace for Binance: The blockchain "BNB Chain", also called "Binance Smart Chain", belonging to the world's largest exchange for cryptocurrencies, had to be stopped in a hurry.
The reason: A so-called bridge to this blockchain was hacked.
It has not yet been finally determined how big this hack will ultimately be.
However, one thing is clear: if it had worked the way the perpetrator or perpetrators had apparently planned, it would have been one of the biggest ever.
It would then have been the equivalent of well over half a billion dollars, which shouldn't have existed.
Now it is less – but by no means little.
"According to current estimates, the damage amounts to the equivalent of around 100 million dollars," Binance CEO Changpeng Zhao confirmed the incident on Twitter.
“The problem is contained.
Your deposits are safe,” he emphasized.
In fact, the hack does not affect Binance customers' balances.
Central appeal to the decentralized blockchain community
Rather, the perpetrator(s) exploited a vulnerability in a bridge called the BSC Token Hub.
Such bridges are used to transfer cryptocurrencies from one blockchain to another, in this case the »BNB Chain«.
Zhao and several observers confirmed that by exploiting the vulnerability, someone was able to generate two million new Binance Coins (BNB) from scratch, at least partially transfer them and exchange them for other cryptocurrencies.
A BNB was worth $285 on Friday, so two million of that would have been the equivalent of $570 million.
However, the "unusual activity", as the operators of the "BNB Chain" put it, was noticed and a race began.
The perpetrator or perpetrators tried to transfer the BNB, which was not supposed to exist, to other crypto exchanges as quickly as possible in order to be able to wash it and probably exchange it for real money at some point.
Blockchain security firm SlowMist observed the attempts and documented them on Twitter.
Meanwhile, Binance alerted all so-called validators of the "BNB Chain", i.e. those who verify all transactions on the blockchain, and asked them to stop the "BNB Chain", which was what happened.
This is remarkable because one of the most important properties of blockchains is their decentralization and thus their resistance to censorship: no single institution should be able to stop a blockchain.
But a case like this shows that it is indirectly possible.
In addition, other platforms put the address of the perpetrators on block lists.
Not the hack against a bridge
Because of this and because the "BNB Chain" was stopped, the perpetrator or perpetrators were no longer able to move their BNB.
At this point, however, they had at least managed to smuggle around $100 million worth of BNB from the “BNB Chain” that Zhao mentioned.
SlowMist comes up with similar numbers.
There have recently been several hacks against blockchain bridges.
Analysis firm Chainalysis estimates the total damage at $2 billion, much of it this year.
The perpetrator or perpetrators are still faced with the task of washing the stolen crypto assets and remaining permanently unrecognized.
