BNB Chain, the native blockchain behind Binance, resumed operations on October 7 after reports indicated a hacker made off with an estimated 2 million BNB tokens by exploiting a vulnerability in the network.
The BNB Chain was halted earlier after an exploit was discovered that drained $100 million in crypto from the platform, while $7 million of the total crypto has already been frozen.
“There was an exploit affecting the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as ‘BSC Token Hub.’ The exploit was through a sophisticated forging of the low level proof into one common library,” the BNB Chain team said.
As a result of the incident, the BNB token price fell from $293.10 to $280.40 on October 7. Zhao Changpeng, commonly known as “CZ”, the founder and CEO of Binance, also Tweeted about the incident saying that in the midst of the network suspension, validators were asked to temporarily suspend BSC in order to contain the issues.
The hack caused public concern on the platform. A researcher from Paradigm said that there was a bug in the way that the Binance Bridge verified proofs which could have allowed attackers to forge arbitrary messages.
In response to Cyber Capital’s founder’s questioning about BNB’s decentralization, Zhao retweeted a blog he published three years ago titled “CZ on Centralization Vs. Decentralization”, saying that his opinion is still pretty much the same. He believes that far more important than centralization or decentralization are security, ease-of-use, and freedom.
A cross-chain bridge connects independent blockchains and enables the transfer of assets and information between them. However, regardless of how those funds are stored, a storage point can become the target of hackers. As of 2022, cross-chain bridge hacks accounted for 69% of hacks, with more than $2 billion stolen, according to Chainalysis.
BSC was involved in the Poly Network hack in early August in 2021 that saw $253 million lifted from BSC and more than $600 million stolen in total. Ronin, powering one of the world’s most popular blockchain games, Axie Infinity, has also been hacked, losing about $620 million in the process. Polynetwork was also hit by hackers who stole more than $600 million in assets.