Scammers stole cryptocurrency worth roughly $100 million from Binance, the world’s biggest exchange for cryptoassets, the firm said on Friday.
This article was originally published by Insider Paper.
The total stolen was $580 million, but company chief Changpeng Zhao said roughly 80 percent had been frozen immediately, and the damage had been limited to less than $100 million.
He tweeted that “an exploit” in the system led to extra production of the exchange’s dedicated currency, BNB, but insisted the issue had been “contained” and told his seven million followers: “Your funds are safe.”
It is among the biggest thefts in cryptocurrency history and comes in a year where scammers preying on the sector have got away with billions of dollars.
In the most damaging incident, the Axie Infinity blockchain game was hacked for more than $500 million in late March.
Both scams exploited weaknesses in “cross-chain bridges” — the means used by investors to move assets from one blockchain to another.
Blockchains are digital ledgers that store details of transactions — the biggest is bitcoin but there are thousands of others.
Binance, which boasted of handling transactions worth $32 trillion last year, said in a statement that “a total of 2 million BNB was withdrawn”, which valued the heist at around $580 million.
Zhao later clarified in an interview with MSNBC that most of those coins had been frozen.
A Binance spokesman told AFP that rapid reaction and coordination meant “the majority of the funds remained in the exploiter’s address, while partners helped secure funds on other chains as well”.
– ‘Complete chaos’ –
Prominent crypto figures had taken to social media late on Thursday talking of a $600 million theft hours before the firm sent its first statement.
“Somebody on BNB just got hacked for (roughly) 2 million BNB,” wrote a developer who uses the name foobar on Twitter.
“The attacker is spewing funds across liquidity pools and utilising every bridge they can to get to safer chains. Complete chaos on the chain.”
Experts have been warning of security lapses on cross-chain bridges all year.
Chainalysis, a crypto analysis firm, said in August that bridge exploits had accounted for around $2 billion in thefts so far this year.
Elliptic, another analysis firm, said on Twitter it was helping to track down the Binance funds.
In a report this week, Elliptic said bridges “tend to accumulate large amounts of locked assets on numerous blockchains, many of which may not have advanced security or auditing cultures due to their relative obscurity”.
“This has made bridges an attractive target for cybercriminals in the past,” it added.
Governments are concerned that cryptocurrencies are being used to fund terrorism, circumvent sanctions and prop up repressive regimes.
Experts believe groups linked to North Korea have been behind some of the most high-profile heists, including the Axie Infinity breach.