October 10, 2022

Cyber heists - How two cryptocurrency platforms lost more than 1B Euro

  • Cybersecurity


One of the biggest hacks in history happened last week at Binance BNB Cryptocurrency. You would think that cryptocurrency transactions are secure and anonymous, but service providers who conduct transactions and manage accounts are not that anonymous. The incident happened at Binance BNB Cryptocurrency causes a tremendous loss of 570 million Euro in cryptocurrency.

In 2021 there were over 40 breaches at cryptocurrency exchanges with total losses of over 30 billion Euro. In 2022 there have been already at least 6 exchange breaches with almost 1 billion Euro in losses. One of them is Ronin Network Heist back in March 2022. These incidents clearly show Crypto Vulnerabilities. Keep in mind that the fall in cryptocurrency values this year makes the monetary losses look smaller, but in fact the scale of the breaches was not that different from last year.

Over 600 million Euro loss due to the Ronin Network Hack


Most of the heists, including the second biggest theft to date (over 600 million Euro) at the Ronin Network, may seem complicated, but they all were caused by a simple reason: the theft of private keys. Victim accounts often used private keys that were reusing credentials stolen from other sites. The private keys were stolen from accounts usually using reused credentials stolen from other sites.  The Ronin Network heist using private keys was more interesting.

The Ronin Network is one of the leading platforms to manage transactions related to gaming NFTs (non-fungible tokens) and other virtual assets especially for the gaming sector. Ronin has eight validator nodes to ensure security where at least five of the nodes must verify the transaction is valid.  Every single validator node has its own private keys. Four nodes belong to Sky Mavis.





This company runs a game called Axie Infinity. It was hacked in December 2021 during a game promotion. For this event, the security was at a lower level because of heavy player load. After the hack, the game was never reenabled again. Nevertheless, the hackers were able to gain access to a fifth validator node allowing them to approve any fraudulent transactions. Only after a player could not withdraw cryptocurrency from his account, the heist was discovered after the player filed a support request. 

What happened during the 570 million Euro Binance Heist?


Last week an even more interesting cryptocurrency heist happened at Binance, the largest cryptocurrency exchange. What is interesting is that Binance froze their transactions during investigation of the Ronin incident.  Binance even created its own currency called BNB, today the 5th largest cryptocurrency based on market capitalization.  


What is different in this heist is that there was no traditional theft at all. Instead, hackers were able to exploit a flaw in the BNB blockchain allowing them to mint or create 2 million BNB tokens with an estimated worth of 570 million EUR. That is like getting access to the central bank printers and creating millions in cash for yourself.




After their heist, the hackers made a grave mistake. They tried to convert a substantial number of tokens into other cryptocurrencies but attracted unwanted attention doing it. They were able to convert 53 million EUR worth of BNB to decentralized Ethereum, but exchange into other currencies was more tightly controlled and therefore quickly blocked. This gave Binance the chance to stop all transactions at its 44 validators globally, freezing all BNB transactions so the heist could be investigated.

Binance has since slowly restarted processing transactions after they made sure that no customer accounts were compromised anymore or lost any assets. In addition, new security upgrades were implemented to make sure this will not happen again. For this purpose, network analytics would be the best way to detect such suspicious activities.

Most of the falsely minted tokens have not been recovered and are presumed to be stored offline. Even Binance claims “only” 100 million EUR were lost in this hack, it is unclear if transactions using these tokens will be detected and blocked in the future.

The heist was conducted by exploiting a flaw in the BNB blockchain at a connection point called a “bridge.” In these bridges transactions are converted from one blockchain system to another comparable with sending money from the UK to Germany with an automatic conversion from pound to Euro. Once the bridge was in control of the hackers, they could start to create one million new tokens and transfer them to a hacker account. A second transaction created an additional 1 million new tokens and transferred them in the same way.