More than half a billion dollars stolen from world’s largest crypto exchange

Binance, the world’s largest crypto exchange, had $570 million worth of tokens stolen after hackers found an exploit in the Binance Smart Chain. The company went as far as temporarily halting all trading on its exchange in reaction to the theft, but has since resumed trading.

CNBC reports (opens in new tab) that hackers made off with 2 million Binance Coins, or BNB, about $570 million in value. Binance initially reported (opens in new tab) that only $100 million worth of tokens were stolen but later confirmed the larger amount on its blog (opens in new tab) after an internal investigation.

Binance CEO Changpeng Zhao took to Twitter (opens in new tab) to explain that “an exploit on the cross-chain bridge, BSC Token Hub, resulted in extra BNB.” A bridge acts as a go-between so that you can transfer assets from one blockchain to another. Hackers used this exploit to forge transactions, essentially tricking the bridge into moving tokens off-network and into their digital wallets. 

Binance worked with several network validators (people or groups who validate transactions on the blockchain) to halt the creation of new blocks and to pause all transactions while the company looked into the security breach. 

Zhao said the issue is “contained now” and that “your funds are safe.” 

Binance told CNBC that most of the stolen tokens are still in the hacker’s wallet and that $100 million was “unrecovered.”

Binance says it will be holding an “on-chain governance vote” among validators in the next few days to address issues after the attack, like whether to freeze hacked funds or start a bounty program for catching bugs and hackers. Binance plans to share more information about how it plans to defend its blockchain from future cross-chain bridge attacks. The last time we saw a crypto heist this brazen was in 2021, when someone stole over $600 million (opens in new tab) in cryptocurrency from the Poly Network and weirdly ended up giving back half of it.