EN 
VI 
Update:
In the early afternoon of October 7, BNB Chain claims to have fixed the problem and resumes operations on blockchain.
📢BNB Smart Chain (BSC) is running ok from 20+ mins ago.
— BNB Chain (@BNBCHAIN) October 7, 2022
The validators are confirming their status and the community infrastructure are upgrading as well.
The changes applied include blocking the hacker's address and continuing to interrupt communications between the BNB Beacon Chain and the BNB Smart Chain until the situation is stabilized.
BNB Chain claims to join the community to discuss issues to be solved in the near future to ensure decentralization.
- How to deal with stolen money – should it be permanently frozen or not?
- Should the BNB Auto Burn mechanism be used to compensate for the lost money? hack?
- Set up a bug bounty program, with a prize of 1 million USD for each critical vulnerability.
- Offer a hacker flip reward, with a prize of 10% of the amount that can be recovered from the attack.
UPDATE: Official BNB Chain Response.
— BNB Chain (@BNBCHAIN) October 7, 2022
We're humbled by the support, hard work, and dedication from the community of which we are proud to be a part.https://t.co/r0TcZYxFzJ
Original post:
At dawn on October 7, the community cryptocurrency BNB Chain has been hacked when witnessing an unusually large amount of tokens being circulated between wallets.
Specifically, there was a series of transactions that moved a large amount of tokens from the BSC Token Hub to an unknown address. At the time of update, this address currently owns more than 291 million USD of BNB and 421 million USD of other tokens in the BNB Chain ecosystem. The BSCScan site has marked this address as “BNB Bridge Attacker”.
In addition, according to the statistical background DeBank, the hacker was able to transfer 89.5 million USD of money to other ecosystems such as Ethereum, Fantom, Avalanche... and into liquidity pools like Venus, Geist, etc. to launder money before trading activities on BNB Chain are suspended. This is the tactic used by the hacker Wintermute recently with Curve Finance.
According to DeBank, the amount of money that hackers stole was 2 million BNB, worth more than 580 million USD. Security unit blockchain Peckshield also agrees with the above information.
The total stolen funds from BSC TokenHub Exploiter are 2M BNB (~586M loss), and here comes the ~$89.5m stolen funds that have been moved off-chains to others (~58% to) @ethereum, ~33% to @FantomFDN and ~4.5% to @arbitrum). @BNBCHAIN @cz_binance @CoinDesk https://t.co/fuRvGSMo71
— PeckShield Inc. (@peckshield) October 7, 2022
Next, the floor CEO Binance Changpeng Zhao spoke out about the incident, confirming BNB Chain was hacked and shutting down the blockchain.
An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.
— CZ Binance (@cz_binance) October 6, 2022
“The BSC Token Hub cross-chain bridge has been hacked. We have asked the network validators to suspend operations in BSC. The problem is being handled. User funds are still safe. We apologize for the inconvenience this may cause and will provide further information.”
BSC Token Hub is a connection to the BNB Beacon Chain chain (using the token standard BEP2) with BNB Chain (using token standard BEP20 or BSC).
Mr. Zhao also gave an estimate of the damage from the attack at around $100 million, which is lower than the amount of tokens in the hacker's wallet. This is probably the amount that represents the amount of tokens that have been taken out of the BNB Chain ecosystem to other blockchains, while the remaining money on the BNB Chain can be recovered or compensated by the project in some way. there. The Binance CEO writes that the amount of money lost is only equal to burn BNB the exchange's most recent quarterly.
The current impact estimate is around $100m USD equvilent, about a quarter of the last BNB burn.
— CZ Binance (@cz_binance) October 7, 2022
