Binance temporarily suspended deposits and withdrawals on its blockchain network on Thursday evening after hackers were able to withdraw two million BNB tokens worth about $570 million.
According to the cryptocurrency exchange, hackers exploited a native cross-chain bridge between the firm's BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as "BSC Token Hub." Cross-chain bridges allow users to move their digital assets from one blockchain to another.
"The exploit was through a sophisticated forging of the low level proof into one common library," Binance said in a Friday blog post. "Thanks to the assistance of all the security experts, projects, and validators, the vast majority of the funds remain under control."
In order to suspend deposits and withdrawals, Binance had to reach out to 26 active validators, or entities that confirm blockchain transactions, across 44 different time zones.
"This delayed closure, but we were able to minimize the loss," the company added.
Initial estimates from BNB Chain said hackers took between $70 million and $80 million. The company estimated $7 million of the seized funds had already been frozen.
Binance CEO Zhao Changpeng later said in a Twitter thread on Thursday that the estimated impact was around $100 million.
The BNB Chain has resumed operations. As of the time of publication Friday, BNB is down more than 3%, trading around $282 per coin, according to CoinMarketCap. The fifth-largest coin has a market cap of over $45 trillion.
Moving forward, Binance said it would hold on-chain governance votes to determine whether the hacked funds will be frozen and whether to use a "BNB Auto-Burn" to cover the remaining hacked funds. A BNB Auto-Burn automatically adjusts the amount of BNB to be burned based on the BNB price and the number of blocks generated on the BNB Chain during each quarter.
It will also hold votes on whether to launch a Whitehat program offering $1 million apiece for discovering future bugs and a bounty program offering up to 10% of recovered funds for catching hackers.
Additionally, a new on-chain governance mechanism will be introduced on the BNB Chain to fight and defend against possible future attacks, and the number of community validators will be expanded.
The latest hack comes after more than $600 million worth of cryptocurrency was siphoned by hackers who exploited the Ronin network, a blockchain project used by players of Axie Infinity. The theft marked one of the largest crypto heists in history. In April, Binance said that it had recovered $5.8 million worth of the stolen funds.
In August, Chainalysis estimated that $2 billion in cryptocurrency has been stolen across 13 separate cross-chain bridge hacks — the majority of which was stolen this year. The data analytics firm said at the time that the attacks on bridges had accounted for 69% of total funds stolen in 2022.