Binance is not immune to crypto heists: on the night of Thursday, October 6 to Friday, October 7, the head of this crypto-asset exchange confirmed that a third party had managed to exploit a security flaw, allowing it to steal digital assets worth an estimated $100 million, according to him. A lesser evil: the perpetrators of the attack had the possibility of stealing the equivalent of $565 million in Binance coins (BNB), but the reaction of the company’s teams prevented them from taking all the funds.
The company therefore announced overnight the suspension of its BSC Token Hub service, which allows users to withdraw or deposit their Binance coins. This so-called “gateway” service (“bridge”) is blockchain-based software that allows exchange users to exchange their assets (bitcoin, ether, and other cryptocurrencies supported by Binance) into Binance coins, which can then be converted into other types of digital assets.
This shutdown came after Binance teams detected, overnight, the exploitation of a vulnerability in BSC Token Hub. This security flaw, triggered by sending forged instructions to the service, allowed the attackers to generate over two million additional Binance coins, the total value of which was estimated at $565 million on the morning of Friday, October 7. A tidy sum that could have ended up in their pockets had all transactions involving Binance coins not been stopped for a few hours. The drastic measure effectively prevented the attackers from converting the assets generated through the security breach into other digital assets and recovering all the funds created.
“Your funds are safe,” Binance leader Changpeng Zhao assured on Twitter, recalling that the initiative that allowed the funds to be blocked did not come directly from him, but from the team in charge of maintaining Binance coin and its blockchain. As for the $100 million that the attackers managed to remove before the team's intervention, the company says that it is working with its partners to find them, tracing the funds that have passed through other blockchains. On Friday morning, the teams announced that they had obtained the freezing of $7 million worth of crypto assets from their partners and restored the functioning of the Binance coin blockchain.
This is not the first time that hackers have attacked the gateway mechanisms of organizations in the world of cryptocurrencies. In 2021, the game Axie Infinity fell victim to a similar attack targeting its Ronin gateway, which allowed attackers to steal the equivalent of $545 million (on the day of the attack) in ether and tether. Chainalysis, a company specializing in the analysis and tracking of funds in blockchains, identified thirteen hacks of this type between January and August 2022, which represents 69% of cryptocurrency thefts in the year.