According to Zane Huffman, who works at Vesper Finance, a platform that gives users access to out-of-the-box DeFi earning strategies, the attacker obtained 2M BNB tokens through the official BNB Chain (BSC) bridge. Researcher Igor Igamberdiev notes that the attacker registered as a relayer for the bridge shortly before the exploit.
The stolen BNB is worth around $560M as of Oct. 6. The attacker then deposited BNB into Venus, a lending protocol on BSC, and borrowed 150M in stablecoins.
The attacker has since bridged some of those assets to multiple other chains — there are $53M in assets on Ethereum and almost $49M on Fantom as of 8pm ET, according to DeBank.
Chain Paused And Withdrawals Halted
In response to the hack, BSC’s Twitter account tweeted that the blockchain has been paused. The team also claims that only $70M to $80M in assets have been moved off-chain, which has observers asking about the remaining $400M-plus of BNB sitting in the attacker’s wallet.
Binance, the world’s largest crypto exchange with $14.7B in trading volume in the past 24 hours, has suspended deposits and withdrawals on BSC. This makes it likely that the $430M of BNB left on BSC will remain inaccessible, leaving the hacker with roughly $100M in assets on other chains.
The attacker’s address has been blacklisted by Tether, the issuer of crypto’s largest stablecoin USDT. Blacklisting isn’t new to DeFi but underscores the extent of centralized control that exists in the ecosystem, which runs counter to crypto’s permissionless ethos.
Updated on Oct. 7 with Binance Smart Chain tweet and BNB prices.