{"id":68221,"date":"2022-10-07T03:52:17","date_gmt":"2022-10-07T00:52:17","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=68221"},"modified":"2025-09-07T12:58:01","modified_gmt":"2025-09-07T09:58:01","slug":"bnb-chain-team-restores-network-after-100-million-hack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/bnb-chain-team-restores-network-after-100-million-hack\/","title":{"rendered":"BNB Chain team restores network after $100 million hack"},"content":{"rendered":"<p>The BNB Chain team halted the network amid the breach of the BSC Token Hub bridge. Hackers stole digital assets worth more than $544 million, but only $100 million had been withdrawn.<\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p dir=\\\"ltr\\\" lang=\\\"en\\\">This reddit post contains a bit more detail.<a href=\\\"https:\/\/t.co\/ENjBRvEWjT\\\">https:\/\/t.co\/ENjBRvEWjT<\/a><\/p>\n<p>\u2014 CZ \ud83d\udd36 Binance (@cz_binance) <a href=\\\"https:\/\/twitter.com\/cz_binance\/status\/1578171074226765826?ref_src=twsrc%5Etfw\\\">October 6, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>\u201cThe initial assessment of funds exfiltrated from BSC ranges from $100 million to $110 million. However, thanks to the actions of the community, as well as our internal and external security partners, about $7 million has already been frozen,\u201d said a Binance spokesperson on Reddit.<\/p>\n<\/blockquote>\n<p>BSC Token Hub is the internal cross-chain bridge of the BNB Chain ecosystem. It enables transfer of tokens between the governance blockchain BNB Beacon Chain and the consensus layer of the BNB Smart Chain (BSC).<\/p>\n<p>According to Binance CEO Changpeng Zhao, the attackers exploited an exploit that \u201cled to the appearance of additional BNB\u201d. The project team asked validators to suspend operations on the BSC.<\/p>\n<div class=\\\"wp-block-text-wrappers-update-2 article_update\\\"><time class=\\\"gtb_text-wrappers_update_time\\\">October 7, 2022 | 09:16<\/time><span class=\\\"gtb_text-wrappers_update_head\\\">Update: <\/span><\/p>\n<p>The BNB Chain team published a code update. Activation by validators of the hard fork would lead to:<\/p>\n<ul class=\\\"wp-block-list\\\">\n<li>blocking the hacker accounts;<\/li>\n<li>freezing transfers of assets between the BNB Beacon Chain and the BNB Smart Chain.<\/li>\n<\/ul>\n<blockquote class=\\\"twitter-tweet\\\" data-lang=\\\"en\\\">\n<p dir=\\\"ltr\\\" lang=\\\"en\\\">Update\ud83d\udce2 BSC validators are coordinating to bring back BNB Smart Chain (BSC) in an hour with the latest release <a href=\\\"https:\/\/t.co\/d2gIsRlGDC\\\">https:\/\/t.co\/d2gIsRlGDC<\/a><\/p>\n<p>It includes:<br \/>1.Stopping hacker accounts from acting<\/p>\n<p>1\/2<\/p>\n<p>\u2014 BNB Chain (@BNBCHAIN) <a href=\\\"https:\/\/twitter.com\/BNBCHAIN\/status\/1578249467362308097?ref_src=twsrc%5Etfw\\\">October 7, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<div class=\\\"wp-block-text-wrappers-update-2 article_update\\\"><time class=\\\"gtb_text-wrappers_update_time\\\">October 7, 2022 | 10:15<\/time><span class=\\\"gtb_text-wrappers_update_head\\\">Update: <\/span><\/p>\n<p>Developers said that after validators confirmed their status the network is \u201coperating normally.\u201d The infrastructure upgrade continues.<\/p>\n<\/div>\n<blockquote class=\\\"twitter-tweet\\\" data-lang=\\\"en\\\">\n<p dir=\\\"ltr\\\" lang=\\\"en\\\">\ud83d\udce2BNB Smart Chain (BSC) is running ok from 20+ mins ago.<\/p>\n<p>The validators are confirming their status and the community infrastructure are upgrading as well.<\/p>\n<p>\u2014 BNB Chain (@BNBCHAIN) <a href=\\\"https:\/\/twitter.com\/BNBCHAIN\/status\/1578277281000136704?ref_src=twsrc%5Etfw\\\">October 7, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script>\n<\/div>\n<p> Zhao emphasized that the \u201cproblem is localised,\u201d and users&#8217; funds are \u201csafe.\u201d According to <a href=\\\"https:\/\/bscscan.com\/\\\">BscScan<\/a>, at time of writing the network is not producing blocks.<\/p>\n<p>According to <a href=\\\"https:\/\/debank.com\/profile\/0x489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec\\\">DeBank<\/a>, the attackers&#8217; address holds digital assets worth over $544 million \u2014 about 80% of the funds (~$433 million) are on the BNB Chain and cannot be withdrawn.<\/p>\n<figure class=\\\"wp-block-image size-large\\\"><img loading=\\\"lazy\\\" decoding=\\\"async\\\" width=\\\"1024\\\" height=\\\"260\\\" src=\\\"https:\/\/forklog.com\/wp-content\/uploads\/debank-1024x260.png\\\" alt=\\\"\u041a\u043e\u043c\u0430\u043d\u0434\u0430 BNB Chain \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0430 \u0440\u0430\u0431\u043e\u0442\u0443 \u0441\u0435\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0432\u0437\u043b\u043e\u043c\u0430 \u043d\u0430 $100 \u043c\u043b\u043d\\\" class=\\\"wp-image-186996\\\" srcset=\\\"https:\/\/forklog.com\/wp-content\/uploads\/debank-1024x260.png 1024w, https:\/\/forklog.com\/wp-content\/uploads\/debank-300x76.png 300w, https:\/\/forklog.com\/wp-content\/uploads\/debank-768x195.png 768w, https:\/\/forklog.com\/wp-content\/uploads\/debank.png 1211w\\\" sizes=\\\"auto, (max-width: 1024px) 100vw, 1024px\\\" \/><figcaption>Data: DeBank.<\/figcaption><\/figure>\n<p>Researchers Paradigm under the handle samczsun explained that a critical vulnerability in the BSC Token Hub allowed attackers to perform a double-spend attack.<\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p dir=\\\"ltr\\\" lang=\\\"en\\\">Either Binance was finally running the biggest giveaway that Web3 had ever seen, or the attacker had found a critical bug<\/p>\n<p>\u2014 samczsun (@samczsun) <a href=\\\"https:\/\/twitter.com\/samczsun\/status\/1578169420194934784?ref_src=twsrc%5Etfw\\\">October 6, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>According to SlowMist, the attackers funded the attack from addresses belonging to the ChangeNOW crypto-exchange. After performing the exploit they deposited 900,000 BNB into Venus Protocol to open overcollateralized positions worth $147 million.<\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p dir=\\\"ltr\\\" lang=\\\"en\\\">The hacker stole a total of 2 Million BNBs in two transactions. <\/p>\n<p>Then deposited 900,000 <a href=\\\"https:\/\/twitter.com\/search?q=%24BNB&#038;src=ctag&#038;ref_src=twsrc%5Etfw\\\">$BNB<\/a> to <a href=\\\"https:\/\/twitter.com\/VenusProtocol?ref_src=twsrc%5Etfw\\\">@VenusProtocol<\/a> as collateral to borrow:<br \/>~62M <a href=\\\"https:\/\/twitter.com\/search?q=%24BUSD&#038;src=ctag&#038;ref_src=twsrc%5Etfw\\\">$BUSD<\/a><br \/>~50M <a href=\\\"https:\/\/twitter.com\/search?q=%24USDT&#038;src=ctag&#038;ref_src=twsrc%5Etfw\\\">$USDT<\/a><br \/>~35M <a href=\\\"https:\/\/twitter.com\/search?q=%24USDC&#038;src=ctag&#038;ref_src=twsrc%5Etfw\\\">$USDC<\/a> <a href=\\\"https:\/\/t.co\/FvnA4pyqSt\\\">pic.twitter.com\/FvnA4pyqSt<\/a><\/p>\n<p>\u2014 SlowMist (@SlowMist_Team) <a href=\\\"https:\/\/twitter.com\/SlowMist_Team\/status\/1578173356762927104?ref_src=twsrc%5Etfw\\\">October 7, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>The Venus Protocol team stressed that users&#8217; funds are safe. The developers said that the hackers will either repay the loan and liquidity returns to pre-attack levels, or disappear with the borrowed stablecoins and positions will be forced to liquidate slowly.<\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p dir=\\\"ltr\\\" lang=\\\"en\\\">2\/2 There are 2 options next:<\/p>\n<p>*The borrower refunds hir\/her loans, liquidity returns to the protocol immediately and APY drops back to normal.<\/p>\n<p>*He\/She doesn\u2019t refund and disappear with the borrowed stablecoins = The account will accumulate interest and slowly get liquidated.<\/p>\n<p>\u2014 Venus Protocol (@VenusProtocol) <a href=\\\"https:\/\/twitter.com\/VenusProtocol\/status\/1578166459679014912?ref_src=twsrc%5Etfw\\\">October 6, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>In September 2022, the market-maker Wintermute <a href=\"https:\/\/forklog.com\/en\/news\/hackers-stole-160-million-from-wintermute\">lost assets worth $160 million<\/a> in a hacking attack.<\/p>\n<p>Follow ForkLog&#8217;s Bitcoin news on our Telegram \u2014 crypto news, prices and analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The BNB Chain team halted the network amid the breach of the BSC Token Hub bridge. Hackers stole digital assets worth more than $544 million, but only $100 million had been withdrawn.<\/p>\n","protected":false},"author":1,"featured_media":68222,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[744,1307,1154],"class_list":["post-68221","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-binance","tag-bnb-chain","tag-crimes"],"aioseo_notices":[],"amp_enabled":true,"views":"44","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/68221","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=68221"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/68221\/revisions"}],"predecessor-version":[{"id":68223,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/68221\/revisions\/68223"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/68222"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=68221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=68221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=68221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}