Cyber Incident Victim: Binance
Date: Oct 2022
Location: China
Summary
A hacker exploited the BSC Token Hub to steal 2 million Binance Coins (BNB) valued at approximately $566 million, initiating the attack through two transactions of 1 million BNB each. The attacker attempted to launder funds by distributing them across liquidity pools, prompting the suspension of the Binance Smart Chain during the investigation. While most stolen assets remained on-chain, between $70 million and $80 million moved off-chain, with $7 million frozen through collaboration with external partners. The breach leveraged a sophisticated forgery of low-level proofs within a common library, leading to unauthorized withdrawals. The company acknowledged the incident publicly, apologized, and committed to releasing a detailed postmortem.
Description
On October 6, 2022, a security breach targeting the Binance Bridge resulted in the theft of 2 million Binance Coins (BNB), valued at approximately $566 million. The attack commenced at approximately 2:30 PM EST, with the attacker’s wallet receiving two sequential transactions of 1,000,000 BNB each. Following the initial theft, the hacker began dispersing portions of the stolen funds across multiple liquidity pools in an effort to convert the BNB into other cryptocurrency assets. Binance first publicly acknowledged the incident at 6:19 PM EST, announcing a temporary suspension of the BNB Smart Chain (BSC) to facilitate investigation and mitigate further damage. By 7:51 PM EST, Binance CEO Changpeng Zhao confirmed via Twitter that the breach originated from an exploit within the BSC Token Hub, a core component facilitating cross-chain transfers. This exploit enabled the unauthorized transfer of BNB to the attacker’s address, prompting Binance to instruct all network validators to halt BSC operations entirely. Initial assessments indicated that between $70 million and $80 million of the stolen assets had been moved off-chain, though collaborative efforts with external cryptocurrency partners led to the freezing of approximately $7 million in these off-chain funds.

Binance issued a formal apology to its user community through its website, acknowledging the severity of the incident and expressing gratitude to partners and validators for their rapid coordination. The company confirmed the total loss of 2 million BNB and attributed the attack to a sophisticated exploitation method involving the forgery of low-level cryptographic proofs within a common library utilized by the BSC Token Hub. This vulnerability allowed the attacker to generate fraudulent withdrawal approvals, bypassing standard security validations. While Binance emphasized its commitment to releasing a comprehensive postmortem analysis, immediate containment measures focused on maintaining the suspension of the BSC until system integrity could be assured. The incident disrupted BSC-based transactions and services for several hours, underscoring the operational and financial repercussions of the breach. Binance’s public communications highlighted ongoing collaboration with industry entities to trace and recover additional funds, though no further specifics regarding long-term remediation or forensic findings were disclosed at the time of initial reporting.
