BNB Chain, a blockchain connected to the Binance cryptocurrency exchange, disclosed a cross-chain bridge exploit that drained approximately $100 million in digital assets.
“There was an exploit affecting the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC),” it said last week. “The exploit was accomplished through a sophisticated forging of the low-level proof into a single shared library.”
The exploit on the cross-chain bridge “resulted in extra BNB,” according to Binance CEO Changpeng Zhao, prompting a temporary suspension of the Binance Smart Chain (BSC).
“BNB, which stands for ‘Build and Build’ (previously known as Binance Coin), is the blockchain gas token that ‘fuels’ transactions on BNB Chain,” Binance explained earlier this month.
Since the vulnerability in the BSC Token Hub bridge allowed the unknown threat actor attacker to mint new BNB tokens in an unauthorized manner, no user funds are said to have been impacted.
While the attack entailed the extraction of two million BNB in two transactions, the chain’s suspension avoided the loss of roughly $430 million in cryptocurrency, according to blockchain security firm SlowMist.
It is the latest in a string of big incidents targeting cross-chain bridges (which allow assets to be transferred between blockchains) this year, following the attacks on Axie Infinity, Harmony Horizon Bridge, and Nomad Bridge.
In a similar development, Trend Micro disclosed that Water Labbu, a malicious actor, targeted 45 crypto-based fraudulent websites owned by other criminals in order to redirect victims’ assets to a wallet under their control.