2 million Binance Coins stolen by hacker

Last Updated on: 9th October 2022, 05:45 pm

The security architecture of the crypto industry is under attack. Almost 2 million Binance Coin (worth approximately $570 million) were effectively minted and stolen.

Beneath cryptocurrency’s seemingly endless security lies a weakness that hackers have recently feasted upon. This weakness became the portal through which they gained access to millions in assets. It is known in the digital world as “cross-chain bridges.”

This week, a hacker successfully made off with about $100 million via a bridge used by Binance Holdings Ltd., crypto’s largest exchange.

What is a cross-chain bridge and how do hackers abuse it

A cross-chain bridge is software that acts as a ‘bridge’ to move crypto tokens between different blockchains. Imagine sending money from one account to another: the link connecting the two accounts is the cross-chain bridge. An article posted by Coin Telegraph back in May of this year questioned the possibility of a secure future with cross-chain bridges.

There was an exploit affecting the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as “BSC Token Hub.” A total of 2 million BNB was withdrawn. The exploit was through a sophisticated forging of the low level proof into one common library.

BNB Chain Team

This Thursday, Binance confirmed that they were hacked but clarified that the incident was isolated to the BNB Chain. As of writing, there has not been any confirmation as to whether or not the stolen assets were recovered. However, Binance emphasized that “no user funds were lost.”

Falling bridges don’t just affect Binance

An article from Elliptic in June of this year summarized the total value of bridge attacks this year. Elliptic is “the leading provider of crypto compliance solutions globally.” The article gives us an idea of how big this issue has been just this year.

The most controversial of these attacks is the theft that happened this March at Ronin, a gaming-focused mobile wallet for Axie Infinity. The official website of Ronin’s Newsletter confirmed the attack in a post on March 29 of this year. The post was updated until late June of this year. It stated, “Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised, resulting in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions.”

Some well-funded bridges, like Nomad, aim to provide users with a “security first” sense of responsibility. An article from Coin Desk in August of this year confirmed that $190 million was stolen after an attack on the bridge. The article also confirmed that $9 million was sent back to Nomad a day after the cross-chain bridge was attacked.

Why cross-chain bridges are vulnerable to attacks

There are several reasons why cross-chain bridges have been deemed vulnerable by hackers. These reasons focus mainly on the current limitations of the technology. Even before the official establishment of cross-chain bridges in the crypto world, there had been several criticisms. This old post from Vitalik Buterin, a known name in the crypto industry, lists most of the software’s vulnerabilities.

One of the most common reasons for the attack on bridges is that they maintain large amounts of assets. Much like in older times, where the highest value targets to rob were the places and transports carrying the most value, a similar logic applies in the digital world. The more assets there are in the bridge, the more tempting it is for hackers to attack it.

Another concern in cross-chain bridges is the lack of decentralization. For a transaction to be completed in the crypto industry, node validators are placed in the bridges. These are like checkpoints in a street. They ‘validate’ the transaction before it gets completed. The goal is to increase the number of validators on a bridge. However, doing so also decreases the speed of the transaction, not to mention the scale of finances needed to fund the increase of the validators.
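
The validator checkpoint described above, as an added example that is not part of the original article or any bridge's own code: funds are released only when a quorum of distinct validators attests to the same withdrawal. The validator names, keys, the 4-of-5 threshold, the withdrawal fields and the use of HMAC in place of real public-key signatures are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed validator set (name -> key). HMAC is a stand-in for the
# public-key signatures a real bridge would use: an assumption of this sketch.
VALIDATORS = {f"validator-{i}": f"constructed-key-{i}".encode() for i in range(1, 6)}
THRESHOLD = 4  # hypothetical quorum: 4 of the 5 validators must approve


def message_bytes(withdrawal):
    """Canonical encoding of the withdrawal that every validator attests to."""
    return "|".join(f"{k}={withdrawal[k]}" for k in sorted(withdrawal)).encode()


def attest(name, withdrawal):
    """Attestation produced by whoever holds this validator's key."""
    tag = hmac.new(VALIDATORS[name], message_bytes(withdrawal), hashlib.sha256)
    return name, tag.hexdigest()


def count_valid(withdrawal, attestations):
    """Number of distinct, known validators whose attestation verifies."""
    approved = set()
    for name, tag in attestations:
        if name not in VALIDATORS:
            continue  # signer is not part of the validator set
        _, expected = attest(name, withdrawal)
        if hmac.compare_digest(expected, tag):
            approved.add(name)  # a set, so a replayed attestation counts once
    return len(approved)


def release_allowed(withdrawal, attestations, threshold=THRESHOLD):
    """The bridge releases funds only when the quorum is met."""
    return count_valid(withdrawal, attestations) >= threshold


# Constructed withdrawal request.
WITHDRAWAL = {"to": "constructed-address", "token": "BNB", "amount": 100, "nonce": 7}

if __name__ == "__main__":
    three = [attest(f"validator-{i}", WITHDRAWAL) for i in (1, 2, 3)]
    print("3 of 5 keys:", release_allowed(WITHDRAWAL, three))
    print("3 keys, replayed:", release_allowed(WITHDRAWAL, three + three))
    four = three + [attest("validator-4", WITHDRAWAL)]
    print("4 of 5 keys:", release_allowed(WITHDRAWAL, four))
    altered = dict(WITHDRAWAL, amount=100000)
    print("4 keys, altered amount:", release_allowed(altered, four))
```

The threshold is the number of keys that must be held before a withdrawal passes, so a small validator set concentrates the risk, while each validator added to the quorum is one more attestation to collect per transaction.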