BNB Chain Halts After 'Potential Exploit' Drained Estimated $100M in Crypto

BNB Chain was forced to hit the brakes on Thursday after the blockchain with ties to the world's largest crypto exchange by volume suffered what it called a "potential exploit" that on-chain evidence suggested could have targeted hundreds of millions of dollars in crypto.

BNB Chain is composed of BNB Beacon Chain and BNB Smart Chain (BSC).

"Due to irregular activity we're temporarily pausing BSC," BNB Chain tweeted from its official account, later confirming that the activity was a "potential exploit" that it characterized as contained.

Initial token movements suggested that up to 2 million BSC tokens, worth roughly $570 million, were targeted by an attacker late Thursday, but Binance CEO Changpeng Zhao estimated in a tweet the attacker was only able to get away with $100 million of that. BNB Chain also tweeted that $7 million of that amount was already frozen.

That such a small (comparatively speaking) sum of assets were stolen underscored the upside of BNB's gamble to halt the chain rather than risk more assets escaping. Blockchains are purportedly decentralized beasts designed to operate beyond the whim of singular entities. You aren't supposed to just flip an off switch.

BSC confirmed that it coordinated a shutdown of the chain after spotting issues with the BSC Token Hub protocol, the clearinghouse for crypto transactions moving between the Binance-linked blockchain's interlocking parts. It thanked validators for moving quickly.

"We are humbled by the speed and collaboration from the community to freeze funds," one tweet read.

The chain has since come back online since then and BNB Chain announced that it will hold a series of on-chain governance votes that will decide whether the hacked funds should be frozen. There will also be a vote on a bug bounty reward system to prevent future hacks from happening.

The specter of an attack rocked BSC's native BNB token, which after a sleepy day of trading dipped to $280.40 from $293.10, according to CoinMarketCap, which Binance owns.

On-chain data shows that this afternoon two massive withdrawals of 1 million BSC tokens from BSC token hub by an attacker that nabbed crypto assets with cross-chains swaps, bridges, and borrows. Regardless, BNB's Twitter promised "all funds are safe" and said it will "help freeze any transfers."

Twitter sleuths point out that Tether – the largest stablecoin provider – has blacklisted the offending address, suggesting that the firm suspects the movement of tokens was the result of an attack rather than something more benign.

UPDATE (Oct. 7, 2022 09:52 UTC): Adds information on BNB Chain governance vote proposals.

UPDATE (Oct. 7, 07:27 UTC): Updates headline, lede and story with new information.