Cybercriminals captured about €586 million ($570 million) in a hack on Binance. The hack was possibly caused by a flaw in a software tool for automatically executing transactions.

The hack allowed the cybercriminals to steal 2 million BNB, Binance’s own cryptocurrency. 2 million BNB has a market value of about €586 million ($570 million).

The hack was made possible by a security vulnerability in the blockchain’s cross-chain bridge. A cross-chain bridge is a technology for transferring cryptocurrency or other digital assets between two different blockchains.

The cross-chain bridge in question was the BSC Token Hub. This connects the BNB Chain to the crypto operator’s BNB Beacon Chain. The latter blockchain allows transactions to be performed based on BEP2 technology for digital assets. BEP2 defines a set of technical standards for implementing and issuing digital assets.

Faulty smart contract feature

According to Binance, the flaw in the cross-chain bridge hid in a smart contract feature. A smart contract is a software tool that automatically executes transactions without human input. The tool was not used by the hackers to steal crypto from customers, but to mine 2 million in new BNB coins instead.

In response to the attack, the crypto operator stopped all transaction processing on the BNB Chain. In addition, Binance reportedly managed to freeze €7 million in illegitimate crypto funds. The rest is still stored in the cybercriminals’ crypto wallets. The whereabouts of about €102 million euros ($100 million) are unknown.

More validation

According to CEO Changpeng Zhao, customers’ crypto funds are safe. BNB Chain is quickly deploying a new governance mechanism to prevent similar cyberattacks in the future. It also plans to hire more ‘validators’ — individuals or agencies — to verify transactions on the blockchain. The BNB Chain blockchain currently has 44 validators.

Tip: Diary of a ransomware attack: attack, recovery, best practices