Scammers make off with $100 million from world’s largest crypto exchange

Binance says $580 million stolen, but that it managed to freeze most of the amount and limit losses; company’s chief insists ‘your funds are safe’

Binance CEO Changpeng Zhao answers a question during a Zoom meeting interview with The Associated Press on November 16, 2021.  (AP Photo, File)
Binance CEO Changpeng Zhao answers a question during a Zoom meeting interview with The Associated Press on November 16, 2021. (AP Photo, File)

PARIS — Scammers stole cryptocurrency worth roughly $100 million from Binance, the world’s biggest exchange for cryptoassets, the firm said on Friday.

The total stolen was $580 million, but company chief Changpeng Zhao said roughly 80 percent had been frozen immediately, and the damage had been limited to less than $100 million.

He tweeted that “an exploit” in the system led to extra production of the exchange’s dedicated currency, BNB, but insisted the issue had been “contained” and told his seven million followers: “Your funds are safe.”

It is among the biggest thefts in cryptocurrency history and comes in a year where scammers preying on the sector have got away with billions of dollars.

In the most damaging incident, the Axie Infinity blockchain game was hacked for more than $500 million in late March.

Both scams exploited weaknesses in “cross-chain bridges” — the means used by investors to move assets from one blockchain to another.

Blockchains are digital ledgers that store details of transactions. Many cryptocurrencies rely on blockchain technology, including bitcoin.

A visual representation of Bitcoin, at the ‘Bitcoin Change’ shop in Tel Aviv, February 6, 2018. (Jack Guez/AFP)

Binance, which boasted of handling transactions worth $32 trillion last year, said in a statement that “a total of 2 million BNB was withdrawn,” which valued the heist at around $580 million.

Zhao later clarified in an interview with MSNBC that most of those coins had been frozen.

A Binance spokesman told AFP that rapid reaction and coordination meant “the majority of the funds remained in the exploiter’s address, while partners helped secure funds on other chains as well.”

‘Complete chaos’

Prominent crypto figures had taken to social media late on Thursday talking of a $600 million theft hours before the firm sent its first statement.

“Somebody on BNB just got hacked for [roughly] 2 million BNB,” wrote a developer who uses the name foobar on Twitter.

“The attacker is spewing funds across liquidity pools and utilizing every bridge they can to get to safer chains. Complete chaos on the chain.”

Experts have been warning of security lapses on cross-chain bridges all year.

Chainalysis, a crypto analysis firm, said in August that bridge exploits had accounted for around $2 billion in thefts so far this year.

Elliptic, another analysis firm, said on Twitter it was helping to track down the Binance funds.

In a report this week, Elliptic said bridges “tend to accumulate large amounts of locked assets on numerous blockchains, many of which may not have advanced security or auditing cultures due to their relative obscurity.”

“This has made bridges an attractive target for cybercriminals in the past,” it added.

An illustrative photo of a person typing on a keyboard as part of a cyber breach. (Techa Tungateja; iStock by Getty Images)

Governments are concerned that cryptocurrencies are being used to fund terrorism, circumvent sanctions and prop up repressive regimes.

Experts believe groups linked to North Korea have been behind some of the most high-profile heists, including the Axie Infinity breach.

Most Popular
read more: