Binance Smart Chain Back Online After $560M Bridge Hack
BSC Back Online Friday After Major Exploit
By: Owen FernauDeFi News
Another major DeFi bridge has been exploited, and Binance’s Ethereum-compatible blockchain is the target.
Binance Smart Chain (BSC) was paused on Thursday after more than $500m in BNB, the Binance ecosystem’s native token, were drained from the official bridge.
BNB fell 5% once news of the hack became public but has since pared some of its losses. On Friday, BNB Chain tweeted that the service was back online.
“BNB Smartchain (BSC) is running ok from 20+ minutes ago,” the venture said in a post. “The validators are confirming their status and the community are upgrading as well.”
BNB’s token has stabilized at $284.06 in late morning trading U.K. time, according to CoinGecko data.
BNB Price, Source: The Defiant Terminal
According to Zane Huffman, who works at Vesper Finance, a platform which gives users access to out-of-the-box DeFi earning strategies, the attacker obtained 2M BNB tokens through the official BNB Chain (BSC) bridge. Researcher Igor Igamberdiev notes that the attacker registered as a relayer for the bridge shortly before the exploit.
Exploiter’s Wallet. Source: DeBank
The stolen BNB is worth around $560M as of Oct. 6. The attacker then deposited BNB into Venus, a lending protocol on BSC, and borrowed 150M in stablecoins.
The attacker has since bridged some of those assets to multiple other chains — there are $53M in assets on Ethereum and almost $49M on Fantom as of 8pm ET, according to DeBank.
Chain Paused And Withdrawals Halted
In response to the hack, BSC’s Twitter account tweeted that the blockchain has been paused. The team also claims that only $70M to $80M in assets have been moved off-chain, which has observers asking about the remaining $400M-plus of BNB sitting in the attacker’s wallet.
Binance, the world’s largest crypto exchange with $14.7B in trading volume in the past 24 hours, has suspended deposits and withdrawals on BSC. This makes it likely that the $430M of BNB left on BSC will remain inaccessible, leaving the hacker with roughly $100M in assets on other chains.
The attacker’s address has been blacklisted by Tether, the issuer of crypto’s largest stablecoin USDT. Blacklisting isn’t new to DeFi but underscores the extent of centralized control that exists in the ecosystem, which runs counter to crypto’s permissionless ethos.
Updated on Oct. 7 with Binance Smart Chain tweet and BNB prices.