The hackers made off with at least $100 million, but the figure could have been much higher.
BNB Chain and BNB Smart Chain took the rare step of suspending transactions and fund transfers after a vulnerability was discovered. The purpose of cross-chain bridges is to facilitate the transfer of assets.
The attacker was able to forge messages because of the vulnerability in the token hub bridge. User funds were unaffected since the stolen tokens were not pre-existing ones.
A total of 2 million BNB were initially withdrawn by the hacker, according to the BNB Chain team. The attacker only took $110 million because the majority of the stolen tokens couldn't be moved, according to SlowMist.
The company estimates the impact of the incident to be between $100 million and $110 million, according to the CEO.
The issue is no longer a problem. The money is safe. We apologize for the delay and will give further updates as soon as possible.
The BNB Chain team posted on their website that the chain is back up and running. A new governance mechanism will be put in place on the BNB Chain to fight and defend against future attacks, according to the post.
Adrian Hetman, tech lead of the Triaging Team at Immunefi, a web3 bug bounty program provider, said that the bug was in how the proof of transactions was processed. If the proof is valid, the logic checks the message proof and proceeds with the payout.
Even though the hacker didn't have valid claims to the funds, he tricked the logic of the contract into thinking the message was valid. The BSC token hub went ahead and paid out as everything was valid.
There have been cross-chain bridge hacks in the last year. There have been two cross-chain bridge hacks this year, one in June and another in August.
In March of this year, $625 million was stolen by hackers after the attack on Axie Infinity's Ronin Bridge.