Cyber Incident Victim: Fetch.ai
Date:
Oct 2022
Location:
China
Summary
A threat actor exploited a vulnerability in the BSC Token Hub to steal approximately $566 million worth of Binance Coin (BNB) through forged low-level proofs. The attacker transferred 2 million BNB in two transactions before attempting to launder funds through liquidity pools. The exchange responded by suspending its Smart Chain network and collaborating with validators to mitigate the breach. Approximately $70-80 million was moved off-chain, with $7 million frozen through industry partnerships. The incident prompted an official apology and commitment to a future technical postmortem, confirming the total stolen amount while highlighting ongoing recovery efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 6, 2022, a hacker exploited the BSC Token Hub, part of the Binance Bridge infrastructure, initiating unauthorized transactions at approximately 2:30 PM EST. The attacker's wallet received two separate transfers of 1,000,000 Binance Coins (BNB) each, totaling 2 million BNB valued at $566 million. Following the initial theft, the hacker engaged in asset conversion activities, dispersing portions of the stolen funds across multiple liquidity pools to exchange BNB for other cryptocurrencies. Binance first publicly acknowledged the security incident at 6:19 PM EST, announcing a temporary suspension of the BNB Smart Chain (BSC) to contain the breach and initiate forensic analysis. At 7:51 PM EST, Binance CEO Changpeng Zhao confirmed via Twitter that the exploit specifically targeted the BSC Token Hub, revealing that the attacker had successfully transferred funds through this vector and that all validators had been instructed to halt chain operations.
Binance's subsequent investigation determined the attacker extracted approximately $70-80 million worth of assets off-chain before containment measures took full effect. Through coordination with cryptocurrency exchanges and other ecosystem partners, $7 million of these off-chain assets were frozen to prevent further laundering. In an official statement, Binance apologized for the breach and thanked validators and partners for their rapid response while confirming the total theft of 2 million BNB. The company attributed the attack to sophisticated manipulation of a common library's low-level proof validation mechanism, which enabled forged transactions to bypass security protocols. Binance committed to publishing a detailed postmortem but did not specify a timeline for this report. The incident represented one of the largest single cryptocurrency thefts in 2022, disrupting BSC operations for several hours and necessitating coordinated chain suspensions across the network's validators. No additional compromises of Binance's core exchange systems or user wallets were reported in connection with this breach.