Hackers have stolen cryptocurrency worth about $570 million from BNB Chain, a blockchain created by cryptocurrency company Binance Holdings Ltd.

Binance operates a popular cryptocurrency exchange that ranks as the world’s largest by trading volume. In 2019, the company launched a blockchain called BNB Chain and a cryptocurrency, BNB, that runs on the blockchain. BNB has an estimated market capitalization of more than $45 billion.

Binance disclosed late Thursday that hackers had stolen 2 million BNB coins, worth about $570 million, from the BNB Chain. The hackers stole the cryptocurrency using a security vulnerability in a cross-chain bridge connected to the BNB Chain. A cross-chain bridge is a technology that allows users to transfer cryptocurrency, other digital assets and data between two different blockchains.

The cross-chain bridge that hackers targeted in the breach is known as the BSC Token Hub. It connects the BNB Chain with the BNB Beacon Chain, a similar blockchain that makes it possible to carry out transactions using the BEP2 digital asset technology. BEP2 defines a set of technical standards for implementing and issuing digital assets. 

The security flaw that the hackers used to carry out the cyberattack was reportedly found in the cross-chain bridge’s smart contract feature. A smart contract is a software tool that makes it possible to carry out transactions automatically without manual input. The hackers reportedly didn’t steal user funds, but rather used the smart contract feature to mint 2 million new BNB coins.

In response to the breach, Binance temporarily paused transaction processing on the BNB Chain. The company reportedly managed to freeze $7 million of the funds stolen by the hackers. Most of the remaining funds currently remain in the hackers’ cryptocurrency wallet, while about $100 million is “unrecovered,” according to Binance. 

“The issue is contained now. Your funds are safe,” Binance founder and Chief Executive Officer Changpeng Zhao tweeted on Thursday. “We apologize for the inconvenience and will provide further updates accordingly.”

BNB Chain will roll out a new “governance mechanism” to prevent similar cyberattacks from happening in the future. Additionally, it plans to add more validators, the term for the organizations or individuals tasked with verifying transactions on a blockchain. BNC Chain currently has 44 validators.

Cyberattacks against cross-chain bridges have become more common over the past few quarters. Chainalysis Inc., a venture-backed blockchain analytics startup, estimates that about $1.9 billion was stolen between January and July through cyberattacks targeting cross-chain bridges. That’s up from $1.2 billion the same time a year earlier.

Image: Flickr