• Michael Bacina

Binance suspends BNB Chain after USD$570M exploit



Binance, one of the world's leading crypto-asset exchanges, paused their BNB chain after the largest exploit of the BNB chain to date, with between USD$100M and 110M of value extracted but no user tokens impacted (other than a suspension of withdrawing tokens from the ecosystem) after attackers created USD$570M in new BNB Tokens.

BNB chain is managed by Binance and offered as an ecosystem for launching decentralised applications (DApps) and has been highly active in crypto, with average daily transactions of 2.78M.

The exploit did not impact user tokens, but rather involved the attackers fabricating a long ago block in the chain with two requests resulting in 1M BNB Tokens being created under each request. Binance moved swiftly and managed to free USD$7M of the tokens before they could be used. Stablecoin Tether also reportedly blacklisted the attacker's address, preventing the created BNB from entering the Tether ecosystem. and when the chain was paused only USD$100M - USD$110M of BNB Tokens had been moved off-chain. Founder of Binance, CZ said:

An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe.

The attackers had already borrowed stablecoins against the newly-created BNB and transferred those stablecoin into other tokens. Twitter user @Samczsun gave a good breakdown of how the exploit may have occurred and summarised:

... there was a bug in the way that the Binance Bridge verified proofs which could have allowed attackers to forge arbitrary messages. Fortunately, the attacker here only forged two messages, but the damage could have been far worse

The BNB Chain restored service on Saturday and Binance thanked the community for their patience and support. The ability to suspend / pause a blockchain like BNB Chain of course raises issues around just how decentralised and unstoppable a blockchain is, if it can be paused, but when an exploit like this occurs, the benefits of some kind of centralisation / emergency override are highlighted.