

BNB Chain Responds to 2M BNB Bridge Exploit; How Did It Happen?



BNB Chain resumed operations and apologized to the community while promising changes to prevent future hacks, following the bridge exploit.
2 Million BNB Tokens Minted in BNB Chain Bridge Exploit
BNB Chain has given an official account of the events of Thursday’s massive $580 million-plus hack after resuming operations Friday, apologizing to the community and promising to implement changes to prevent such attacks in the future.
“The exploit was through a sophisticated forging of the low level proof into one common library,” wrote the company in the response.
Translated into English, this means that the hacker(s) forged messages that convinced the bridge to send them BNB. BNB Chain’s note also included a number of actions the company will take next, including:
- Deciding whether to freeze the hacked funds.
- Deciding whether to use Auto-Burn to cover the remaining hacked funds.
- Rewarding anyone who finds a significant bug in the future with $1 million.
- Rewarding 10% of recovered funds to any party who catches hackers.
- Continuing to expand the number of community validators to further decentralize BNB Chain.
- Introducing a new “on-chain governance mechanism” on BNB Chain to “fight and defend future possible attacks.”
What Exactly Happened?
To recap, the hacker(s) exploited the BSC Token Hub cross-chain bridge – the bridge between the BNB Beacon Chain/BEP2 and BNB Chain/BEP20 chains – essentially minting 2 million new BNB (value of about $580 million) that they sent to themselves in two separate transfers.
Security firms and researchers began posting analyses of the attack on Twitter on Thursday, not long after it occurred, and details continue to be filled in as the community dissects on-chain events and analyzes the exploiter’s moves.
Security firm Ancilia, Inc. was among the first parties to notice the hack; BscScan lists the firm as having reported it shortly after the attack began.

Anonymous Twitter user and blockchain researcher “samczsun” was among the first to detail the event, which they chronicled shortly after the hack unfolded.
The first step in the attack seems to have been the person(s) now known as the “BNB bridge exploiter” registering as a relayer for the BSC Token Hub bridge to position themselves for the exploit, samczsun explained on Twitter shortly after the hack, along with a detailed analysis.
All that's left is to put it all together. We'll take a legitimate proof and modify it so that:
1) we add a new leaf for our forged payload
2) we add a blank inner node to satisfy the prover
3) we tweak our leaf to exit early with the correct root hash
https://t.co/n9kYNKLOkL pic.twitter.com/zA1ZdbPvz6
— samczsun (@samczsun) October 7, 2022
“In summary, there was a bug in the way that the Binance Bridge verified proofs which could have allowed attackers to forge arbitrary messages,” wrote samczsun. “Fortunately, the attacker here only forged two messages, but the damage could have been far worse.”
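The class of bug described above, as an added toy example that is not BNB Chain's or the affected library's code: a verifier that checks "the payload is listed in the proof" separately from "the proof hashes to the trusted root", beside a strict one that recomputes the root from the claimed payload itself. The tree layout, proof format and every name here are assumptions made for illustration.

```python
import hashlib

# Toy binary Merkle tree with a hypothetical proof format (not the bridge's real one).
def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf_hash(payload: bytes) -> bytes:
    return h(b"\x00", payload)            # domain-separate leaves from inner nodes

def node_hash(left: bytes, right: bytes) -> bytes:
    return h(b"\x01", left, right)

def root_from(payload: bytes, index: int, siblings: list) -> bytes:
    """Fold one leaf up to the root along its sibling path."""
    node = leaf_hash(payload)
    for sib in siblings:
        node = node_hash(node, sib) if index % 2 == 0 else node_hash(sib, node)
        index //= 2
    return node

def verify_lenient(root: bytes, claimed: bytes, proof: dict) -> bool:
    # FLAW (toy model): "claimed is listed in the proof" and "the proof hashes
    # to the root" are checked independently, so the root check never covers
    # the claimed payload when it is not the first leaf.
    listed = claimed in proof["leaves"]
    return listed and root_from(proof["leaves"][0], proof["index"], proof["siblings"]) == root

def verify_strict(root: bytes, claimed: bytes, proof: dict) -> bool:
    if proof["leaves"] != [claimed]:                   # no extra, unhashed leaves
        return False
    if proof["index"] < 0 or proof["index"] >> len(proof["siblings"]):
        return False                                   # index must fit the path depth
    return root_from(claimed, proof["index"], proof["siblings"]) == root

# Constructed sample data: a four-message tree whose root the verifier trusts.
MESSAGES = [b"msg-0: release 1 token to A", b"msg-1", b"msg-2", b"msg-3"]
L = [leaf_hash(m) for m in MESSAGES]
ROOT = node_hash(node_hash(L[0], L[1]), node_hash(L[2], L[3]))
GOOD_PROOF = {"leaves": [MESSAGES[0]], "index": 0, "siblings": [L[1], node_hash(L[2], L[3])]}

# The same proof with one leaf appended that was never part of the tree.
UNCOMMITTED = b"msg-x: never committed"
PADDED_PROOF = dict(GOOD_PROOF, leaves=[MESSAGES[0], UNCOMMITTED])

if __name__ == "__main__":
    for name, fn in (("lenient", verify_lenient), ("strict", verify_strict)):
        print(name, fn(ROOT, MESSAGES[0], GOOD_PROOF), fn(ROOT, UNCOMMITTED, PADDED_PROOF))
```

The strict verifier accepts only proofs in which every element contributes to the recomputed root, which is the property to test for when reviewing any proof-checking code.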
Once the hacker had the money, they began moving it off-chain in a manner some researchers have called sloppily executed and strangely slow. They managed to move about $90 million to $110 million off-chain, according to different accounts, using it to buy stablecoins such as USDT and USDC via Venus Protocol and borrow ETH on Fantom, among other moves. Partway into the hacker’s attempt to move the funds, Tether froze about $10 million worth of USDT the hacker had acquired with the BNB.
So in summary as of now:
* 2mm $BNB ($550mm) withdrawn from Bridge
* * half of that used to mint misc. stables
* * Small amount swapped for stables directly
* stables bridged everywhere
* ~$50mm $ETH buy on mainnet
* ~$20mm $ETH borrowed: TraderJoe + Geist
* $10mm $USDT frozen
— GREEN JEFF (The Bread #9) (@jeffthedunker) October 6, 2022
Security firm PeckShield Inc. has analyzed the event and determined that closer to $90 million was moved off-chain, including about 58% to Ethereum, 33% to Fantom, and 4.5% to Arbitrum. How much the hacker has successfully made away with is still unclear, but BNB Chain noted in their response that a full and transparent “postmortem” is in progress and results will be made publicly available in hopes of helping other projects address vulnerabilities in their own bridges.
The total stolen funds from BSC TokenHub Exploiter are 2M BNB (~586M loss), and here comes the ~$89.5m stolen funds that have been moved off-chains to others (~58% to @ethereum, ~33% to @FantomFDN and ~4.5% to @arbitrum). @BNBCHAIN @cz_binance @CoinDesk https://t.co/fuRvGSMo71
— PeckShield Inc. (@peckshield) October 7, 2022
This is a paid press release, BSC.News does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products, or other materials on this page. The project team has purchased this advertisement article for $1500. Readers should do their own research before taking any actions related to the company. BSC.News is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods, or services mentioned in the press release.