The BNB Chain network experienced a massive hack. How much cryptocurrency was stolen by the hacker?

Andrey Plat
5 min readOct 7, 2022

Tonight will go down in cryptocurrency history as an attempt to conduct one of the biggest hacks in the history of blockchain technology. The victim in this case was the BNB Chain network, which combines Binance Chain and Binance Smart Chain (BSC) since February 2022. As a result, the blockchain was suspended and the hacker was unable to get the original amount due to the freezing of crypto-assets. What amount of crypto-assets did he get? We tell you more about the situation.

The cryptocurrency industry is a new niche, so there are more than enough hacks. To understand the scale of the problem, you can study the list from the Rekt platform, the creators of which fix the most serious hacks.

As you can see, the leader here is the situation with Ronin Network on March 29, 2022, which ended up stealing the equivalent of 624 million dollars. The author of today’s incident was aiming for the equivalent of $600 million, which would have put him in the top three. In the end, however, things turned out differently.

How the BNB Chain was hacked

A Twitter user nicknamed MevRefund noticed something wrong with the BNB Chain just after midnight tonight. He noticed the transaction and speculated that it could be a “gigantic hack of 2 million BNB”.

As you can see in the details of the transaction, it was a suspicious withdrawal of a million BNB from the BSC Cross Chain contract. As Changpen Zhao, head of the cryptocurrency exchange Binance, later noted, the victim was BSC Token Hub, the bridge between BNB Beacon Chain (BEP2) and BNB Chain (BEP20).

Initially, Twitter users could not determine if this was indeed a hack of the BNB Chain-related platform. However, analysts later noticed that the hacker had blacklisted Tether, an issuer of the USDT steblecoin. This led to the conclusion that an outsider had interfered with the network’s activity.

As a result, the hacker was able to get 2 million BNB from the network. And since the cryptocurrency exchange rate was in the $300 zone before that, representatives of the blockchain community started talking about a hack in the equivalent of $600 million. Although, in fact, the correct equivalent was about 586 million.

The details of the hacking scheme are not yet known. However, as Paradigm researcher Sam Sun noted, the hacker somehow managed to convince the Binance blockchain bridge to send him a million BNB. Once that worked, the hacker repeated the same actions and received an additional million BNB to his address.

At the moment the balance of the hacker’s address is 1.02 million BNB, the equivalent of $291 million. At the same time, representatives of the blockchain explorer have already marked his address accordingly.

Next, the hacker tried to cover his tracks and send the funds to different networks to minimize the possibility of blocking them. As you can see from the screenshot below, most of the crypto-assets remained in the BNB Chain network, while the rest of the money was distributed between Etherium and Fantom, as well as Avalanche and Arbitrum.

BNB Chain representatives further got involved and confirmed the hack. Here is a relevant quote from the tweet. Due to unusual online activity, we are temporarily suspending BSC. Sorry for the inconvenience, we will share further updates here. Thank you for your patience and understanding.

At the same time, B&M specialists noted that before the hack, the hacker was registered as a relayer for the blockchain bridge. Moreover, this happened several hours before the hack, which means that he was preparing for the “operation”.

At the same time, Igor Igamberdiev, a representative of The Block project, noted that before the hack, the hacker was registered as a relay for the blockchain bridge. Moreover, this happened several hours before the hack, which means that he was preparing for the “operation”.

The network suspension was necessary to block funds and the hacker’s wallet. As a well-known representative of the blockchain community under the pseudonym Hsaka pointed out, the equivalent of $425 million was still in the BSC network at the time of the suspension, while $53 million and $48 million were distributed between the already mentioned Etherium and Fantom networks respectively.

At the same time, Twitter users joked about a tweet from BNB Chain representatives who stated that “they were the ones suspending BSC” and not the network’s validators. At this point, an old meme came in handy where a user is asked to find all the validators of the Binance Smart Chain network. This is a hint at the excessive centralization of the network, which is indeed present in the BNB Chain blockchain.

As a result, Binance CEO Changpen Zhao also confirmed the hack. According to him, the BSC Token Hub hack resulted in additional BNBs, which were sent to the hacker’s address. He also noted that the amount of the loss was about $100 million.

At the same time, as BNB Chain representatives clarified by that time, thanks to the activity of the partners it was possible to freeze the equivalent of $7 million, which reduced the amount of losses.

Chanpen then shared another situation, in which he explained how things were. Here’s his transcript.

So, total transparency. I was asleep (yes, I am asleep). By the time I woke up at 3am, the validator community had already suspended the network. Next, I just tweeted and the community and team did all the work.

Some time later, representatives of BNB Chain reported that the network was restarted. Then deposits and withdrawals started to work on the Binance exchange as well.

As a bonus, we recall the legendary meme-video titled “Funds Are Safu”, that is, “Money is safe”. Here is just a story about “hacking Binance”.

What will happen to the remaining amount is unknown. Perhaps the hacker will be able to run it through the mixers and cover his tracks that way. It is also possible that most of the money could be returned, with the possibility of keeping a few percent: this is indeed a scheme practiced by companies, offering the hacker to stay in the role of a “white hacker. In any case, the criminal managed to withdraw to other networks the equivalent of just over 100 million dollars, and this amount certainly will not be forgotten.



Andrey Plat

Blockchain projects, promotion and development. Open source intelligence (OSINT). Non-standard tasks, with non-standard execution.