Binance Smart Chain has ceased operations following a ‘potential exploit’ that has drained an estimated $100 million in cryptocurrency.

On Thursday, Binance Smart Chain was shut down after what it called a “potential exploit” that on-chain evidence suggested could have targeted hundreds of millions of dollars in cryptocurrency. 
“We’re temporarily pausing BSC because of strange activity,” BNB Chain tweeted from its official account. It later confirmed that the activity was a “potential exploit” that had been stopped.

An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.

— CZ 🔶 Binance (@cz_binance) October 6, 2022

Initial token movements suggested that an attacker targeted up to two million BSC tokens late Thursday, but the true losses could be much lower. BNB Chain estimated that $100 to $110 million in assets had been transferred off chain, but stated in a tweet that $7 million had already been frozen.

The fact that such a small (relatively speaking) number of assets were stolen highlighted the benefit of BNB’s gamble to halt the chain rather than risk more assets escaping. Blockchains are ostensibly decentralized beasts designed to function independently of single entities: you can’t just turn them off.

BSC confirmed that it coordinated a chain shutdown after discovering issues with the BSC Token Hub protocol, which serves as a clearinghouse for crypto transactions moving between the interlocking parts of the Binance-linked blockchain. It expressed gratitude to validators for moving quickly.

“We are humbled by the community’s speed and collaboration to freeze funds,” one tweet said.

The threat of an attack shook BSC’s native BNB token, which fell to $280.40 from $293.10 after a sleepy day of trading, according to CoinMarketCap, which Binance owns.

On-chain data shows that an attacker who nabbed crypto assets via cross-chain swaps, bridges, and borrows made two massive withdrawals of 1 million BSC tokens from the BSC token hub this afternoon. Regardless, BNB’s Twitter account promised that “all funds are safe” and that it will “assist in freezing any transfers.” The biggest stable coin provider, Tether, has blacklisted the bad address, which suggests that the company thinks the token movement was caused by an attack and not by something else. 

It appears that 2 million BNB was hacked.

Tether was blacklisted which seems to confirm it. $BNB price taking a hit as a result. https://t.co/DkOtsJ6pjT

— Miles Deutscher (@milesdeutscher) October 6, 2022