10 Oct 2022
BNB Bridge Exploit: $110 million stolenA vulnerability in the bridge between the BNB Beacon Chain and the BNB Smart Chain allowed hackers to endow themselves with 2 million BNB tokens ($570 million) last Thursday.
The hack exploited a weakness in the BSC Token Hub bridge’s code, enabling the hackers to forge valid messages to mint new BNB tokens. No users, therefore, lost their tokens but were rather diluted through the minting of new tokens. The attackers only managed to get away with about $110 million in tokens, as the BNB chain was halted when the hack was discovered, and the unmoved tokens deemed invalid following the suspension.The Binance bridge hack adds to a line of blockchain bridges being exploited, proving the difficulty of creating secure bridges between blockchains. The security of bridges is an ongoing topic of debate in the crypto community. In January, Ethereum co-founder VitalikButerin chimed in with his two cents, warning about the security of cross-blockchain bridges. He argued that bridging assets across blockchains would never enjoy the same guarantees as staying within one blockchain. The empirical evidence backs up his point, with an unproportionally large percentage of stolen funds stemming from bridge exploits. In total, close to $1.5 billion in tokens are stolen through bridge exploits so far this year. The Binance bridge hack ranks fourth in terms of size so far this year. The largest bridge exploit in 2022 is still the Axie/Ronin exploit in March, where hackers got away with $615 million in tokens.