The cryptocurrency industry is a new niche, so there are more than enough hacks to go around. To understand the scale of the problem, you can study the list from the Rekt platform, whose creators record the most serious hacks.

Blockchain hack rankings

As you can see, the leader here is the Ronin Network situation from March 29, 2022, which ended up stealing the equivalent of $624 million. The author of today’s incident was aiming for the equivalent of $600 million, which would have put him in the top three. However, it turned out differently in the end.

How the BNB Chain was hacked

A Twitter user under the pseudonym MevRefund noticed something wrong with the BNB Chain network just after midnight today. He drew attention to the transaction and speculated that it could be a “giant BNB 2 million hack”.

Transaction involving the theft of a million BNB

As can be seen in the details of the transaction, it involved a suspicious withdrawal of a million BNB from the BSC Cross Chain contract. As Binance cryptocurrency exchange chief Changpen Zhao later noted, the victim was BSC Token Hub, the bridge between BNB Beacon Chain (BEP2) and BNB Chain (BEP20).

Initially, Twitter users could not determine whether it was indeed a hack of the BNB Chain-affiliated platform. However, analysts later noticed that the hacker had blacklisted Tether, an issuer of the USDT stabelcoin. This led to the conclusion that an outsider had interfered with the network’s activity.

Adding Tether to the blacklist


The hacker was eventually able to get 2 million BNB from the network. And since the cryptocurrency was in the $300 zone before that, members of the blockchain community started talking about a hack of the equivalent of $600 million. Although, in fact, the correct equivalent was around $586 million.


BNB exchange rate chart

The details of the hacking scheme are not yet known. However, as Paradigm researcher Sam Sun noted, the hacker somehow managed to convince the Binance blockchain bridge to send him a million BNB. Once this worked, the hacker repeated the same action and received an additional million BNB to his address.


At the moment, the balance of the hacker's address is 1.02 million BNB, the equivalent of $291 million. In doing so, blockchain explorer representatives have already tagged his address accordingly.

Hacker’s address balance

The hacker then tried to cover his tracks and send the funds to different networks to minimise the possibility of them being blocked. As you can see from the screenshot below, most of the crypto assets remained in the BNB Chain network, while the rest of the money was distributed between Etherium and Fantom, as well as Avalanche and Arbitrum.

Distribution of funds by hacker between different blockchains

BNB Chain representatives got involved next and confirmed the hack. Here is a relevant quote from the tweet.

Due to unusual activity on the network, we are temporarily suspending BSC. Sorry for the inconvenience, we will share further updates here. Thank you for your patience and understanding.

At the same time, The Block’s project representative Igor Igamberdiev noted that before the hack, the hacker was registered as a relay for the blockchain bridge. Moreover, this happened hours before the hack, which means he was preparing for the “operation”.

Preparing the hacker for the hack

The network suspension was necessary to lock down the hacker’s funds and wallet. As noted by a well-known representative of the blockchain community under the pseudonym Hsaka, the equivalent of $425 million remained in the BSC network at the time of the shutdown, while $53 million and $48 million were distributed between the already mentioned Etherium and Fantom networks respectively.

Cryptocurrency distribution after the BNB Chain shutdown

At the same time, Twitter users joked about a tweet from BNB Chain representatives who stated that “they are the ones suspending BSC” and not the network’s validators. At this point, an old meme came in handy where a user is asked to find all the validators of the Binance Smart Chain network. This is a hint at the over-centralisation of the network that is indeed present in the BNB Chain blockchain.

Meme about the alleged validators of the BNB Chain network

As a result, Binance chief executive Changpen Zhao also confirmed the hack. According to him, the BSC Token Hub hack resulted in additional BNB, which was sent to the hacker’s address. He also noted that the amount of the loss is around $100 million.

Changpen Zhao’s tweet about the amount of losses due to the hacker

However, as BNB Chain representatives had by then clarified, thanks to the activity of partners was able to freeze the equivalent of $7 million, which reduced the amount of losses.

Changpen then shared another situation in which he explained how it was. Here’s his transcript.

So, full transparency. I was asleep (yes, I am asleep). By the time I woke up at 3am, the validator community had already suspended the network. Next, I just tweeted and the community and team did all the work.

Some time later, BNB Chain representatives reported that the network had been restarted. Deposits and withdrawals then started working on the Binance exchange as well.

As a bonus, we are reminded of the legendary meme video called “Funds Are Safu”, i.e. “Money is Safe”. It just talks about “hacking Binance”.


What will happen to the remaining amount is unknown. Perhaps the hacker will be able to run it through the mixers and cover his tracks that way. It is also not excluded that most of the money can be returned with a chance to keep a few percent: this scheme is indeed practiced by companies offering the hacker to stay in the role of a "white hacker". In any case, the perpetrator managed to withdraw the equivalent of just over $100 million to other networks, an amount that will certainly not be forgotten.