Binance Smart Chain has ceased operations following a ‘potential exploit’ that has drained an estimated $100 million in cryptocurrency.
On Thursday, Binance Smart Chain was shut down after what it called a “potential exploit” that on-chain evidence suggested could have targeted hundreds of millions of dollars in cryptocurrency.
“We’re temporarily pausing BSC because of strange activity,” BNB Chain tweeted from its official account. It later confirmed that the activity was a “potential exploit” that had been stopped.
Initial token movements suggested that an attacker targeted up to two million BSC tokens late Thursday, but the true losses could be much lower. BNB Chain estimated that $100 to $110 million in assets had been transferred off chain, but stated in a tweet that $7 million had already been frozen.
The fact that such a small (relatively speaking) number of assets were stolen highlighted the benefit of BNB’s gamble to halt the chain rather than risk more assets escaping. Blockchains are ostensibly decentralized beasts designed to function independently of single entities: you can’t just turn them off.
BSC confirmed that it coordinated a chain shutdown after discovering issues with the BSC Token Hub protocol, which serves as a clearinghouse for crypto transactions moving between the interlocking parts of the Binance-linked blockchain. It expressed gratitude to validators for moving quickly.
“We are humbled by the community’s speed and collaboration to freeze funds,” one tweet said.
The threat of an attack shook BSC’s native BNB token, which fell to $280.40 from $293.10 after a sleepy day of trading, according to CoinMarketCap, which Binance owns.
On-chain data shows that an attacker who nabbed crypto assets via cross-chain swaps, bridges, and borrows made two massive withdrawals of 1 million BSC tokens from the BSC token hub this afternoon. Regardless, BNB’s Twitter account promised that “all funds are safe” and that it will “assist in freezing any transfers.” The biggest stable coin provider, Tether, has blacklisted the bad address, which suggests that the company thinks the token movement was caused by an attack and not by something else.