The address associated with the recent BNBChain bridge exploits just moved $45M worth of ETH to a new address.
The BNBChain bridge exploit surprised the entire community, as hackers aimed to execute the malicious act stealthily overnight. Notwithstanding, the Binance team was able to address the situation soon enough to minimize the damage caused, with Tether making its own attempt to blacklist the associated address.
Despite these commendable efforts, the hackers were able to cart away with funds within the range of $100M. Due to the swift action of the Binance team, $400M remained on BSC, with the hackers sending $50M to Fantom and $50M to Ethereum. It appears the funds converted to Ethereum are now on the move.
— PeckShieldAlert (@PeckShieldAlert) October 6, 2022
PeckShieldAlert, a Chrome extension tool from blockchain security company Peck Shield, revealed the development through its official Twitter page.
“PeckShieldAlert BNBChain Token Hub Exploiter 0x489A87 has transferred ~33,772 $ETH (～$45M) to a new address 0xFA0a3…14e9,” the handle highlighted.
— PeckShieldAlert (@PeckShieldAlert) October 8, 2022
A look at the transaction hash 0x74701d8816a4b3b6c377dfb1dab2edd5abfe7ad92d114905aaf151a701ff26d9 on Etherscan confirms the alert from PeckShield.
The transaction which occurred on October 7, 6:15:35 PM (UTC) involved the transfer of 33,771 Ether (worth $44,879,672 against prevailing rates) from the address associated with the BNB Bridge exploit 0x489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec to a new address 0xfa0a32e5c33b6123122b6b68099001d9371d14e9.
This indicates that the hackers want to move the funds out of sight. It remains the practice of criminals to utilize crypto mixers such as the OFAC-sanctioned Tornado Cash to cover their tracks.
Recall that the BNBChain-linked exploit, which occurred in the late hours of October 6, affected a cross-chain bridge native to the BNB Chain ecosystem called the “BSC Token Hub.” BSC Token Hub is a bridge between the BNB Beacon Chain (BEP2) and the BNB Smart Chain (BEP20 or BSC).
The exploit led to a withdrawal of 2 million BNB (worth around $566M). To contain the situation, the BNBChain team had to consult with validators to pause on-chain activities on the network.
The hack was summarily addressed, limiting the funds withdrawn from the BSC ecosystem to $100M. Following the exploit, the CEO of Binance, Changpeng “CZ” Zhao, appeared on CNBC’s Squawk Box show to discuss a few issues. The Crypto Basic reported that CZ entertained questions regarding the recent exploit.
CZ noted that he remains confident of the community’s trust in Binance due to the swift response from the team. Additionally, CZ highlighted that, despite the hack, BNB had dipped by less than 5% at the interview. The asset has only seen a dip of 1.2% as of press time, as it changes hands at $281.
Furthermore, the BNBChain team released a statement concerning the hack on Friday after containing the situation. The team apologized for the exploit and revealed four action points that will be subjected to governance votes for the “common good of BNB.”
These points include:
- Actions to take on the hacked funds – whether to freeze them or not.
- Whether or not the developers should implement the BNB Auto-Burn feature to cover the rest of the hacked funds.
- A White Hat initiative will reward each White Hat that uncovers a future significant bug with $1M.
- A bounty for hackers caught, promising 10% of the recovered funds to anyone who provides substantial assistance.
In addition to these points, CZ further told CNBC that the BNBChain team has noted the bug and is looking to learn from the mistake to make the network more secure in the future.