Hackers Steal $570 Million in Binance Coin Cyberattack

On October 4, 2022, hackers executed a sophisticated cyberattack against Binance's cryptocurrency infrastructure, exploiting a critical vulnerability in the BSC Token Hub—a cross-chain bridge connecting BNB Beacon Chain and BNB Chain. The attack went undetected for two days until Binance publicly acknowledged the incident on October 6, announcing a temporary suspension of BNB Smart Chain transactions.

The stolen assets totaled approximately 2 million BNB tokens, worth roughly $570 million at the time of the breach. What made this attack particularly notable was the method: rather than targeting user wallets, the hackers exploited a flaw in the bridge's smart contract that verified cross-chain proofs. The vulnerability allowed attackers to forge proof messages by bypassing the system's Merkle tree verification process—failing to validate the Merkle tree all the way to the root hash. This gap in security enabled the criminals to mint 2 million new BNB coins directly into their own wallet.

To execute the exploit, the attacker first registered as a relayer on the system—a role designed to facilitate legitimate cross-chain transactions. This insider-like positioning allowed them to set up and deploy the attack with minimal resistance from the network's detection systems.

Binance's response was swift. Immediately upon discovering the breach, the exchange suspended all transactions on BNB Chain to prevent further damage. The company, along with community members and security partners, managed to freeze approximately $7 million in stolen funds—a recovery representing only a fraction of the total loss. CEO Changpeng Zhao attempted to reassure users through social media, tweeting: "The issue is contained now. Your funds are safe."