Unknown hackers gained access to $570 million worth of cryptocurrency from Binance, the world’s largest cryptocurrency exchange, this week, but company officials have minimized the losses to under $100 million, its CEO said Friday.
“The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly,” Changpeng Zhao said in a tweet.
A Reddit post by Binance said the company temporarily suspended transactions and the transfer of funds after detecting an exploit between two blockchains, a method of digital theft that has been used recently in at least one other major hack.
Zhao said in an interview with CNBC that the crypto industry is susceptible to hackers whenever customers move their assets from one blockchain to another, but the goal is to learn from what caused the hack and develop extra safeguards in coming years.
Binance handles 1.4 million transactions per second and moves $2 billion worth of crypto assets per day. It is the latest crypto company to experience a targeted hack.
Hackers struck Nomad in August, reportedly taking nearly $200 million. The Nomad hack was also an exploitation of a cross-chain bridge intended to allow the transfer of assets and information from one blockchain to another. Harmony lost about $100 million in a hack in June.
Crypto.com, known for its viral commercial starring Matt Damon and for a recent $700 million deal to rename the former Staples Center in Los Angeles, said in January that hackers managed to bypass its two-factor authentication system and withdraw funds from 483 customer accounts. Crypto platforms Wormhole and Ronin Network were also targets of hackers this year.
Hackers target DeFi platforms, bridges
Cybersecurity experts say hackers often target decentralized finance, or DeFi, platforms with weak security. DeFi services are typically built on public blockchains, allowing users to exchange crypto back and forth without the need for an established financial institution like a bank or credit union.
Hackers stole $1.9 billion in crypto from platforms worldwide this year between January and July, up from $1.2 billion during the same period in 2021, according to blockchain analytics firm Chainalysis.
Zhao said the Binance issue took place on the BSC Token Hub, a cross-chain bridge that allows for the transfer of both digital assets and data between blockchains.
Cross-chain bridges are viewed as susceptible to theft because of several inherent weaknesses, first and foremost being that they hold a lot of cryptocurrencies, thus providing a larger and more complex arena for hackers to infiltrate. Many sacrifice security to grow quickly, making them more prone to bugs that hackers can exploit.
“New on-chain governance mechanism”
Binance believes that $100 million to $110 million in funds were taken.
The company said in a blog post on Friday that it was working on locking down any areas of vulnerability.
“A new on-chain governance mechanism will be introduced on the BNB Chain to fight and defend future possible attacks,” the post read.
Binance also said it will increase the number of community validators, which are software developers who verify that crypto assets changing hands or moving to other blockchains are going to the intended destination, as it moves towards further decentralization. BNB Smart Chain currently has 26 validators. Having so few validators slowed Binance's response to the hack, but the company was still able to minimize the losses, it said in the blog post.
Binance said last year that it was time for global regulators to establish rules for crypto markets. The company acknowledged at the time that crypto platforms have an obligation to protect users and to prevent financial crimes, along with the responsibility to work with regulators and policymakers to set standards to keep users safe.