The world’s largest cryptocurrency exchange, Binance, reported on Friday that scammers had stolen $100 million in digital assets.
Company chief Changpeng Zhao wrote on Twitter that “an exploit” in the system led to extra production of the exchange’s dedicated currency, adding: “The current impact estimate is around $100m.”
“The issue is contained now. Your funds are safe. We apologise for the inconvenience and will provide further updates accordingly,” he wrote.
It is among the biggest thefts in cryptocurrency history, although it is still dwarfed by the mammoth heist of more than $500 million from the Axie Infinity blockchain game earlier this year.
Scammers are increasingly using weaknesses in “cross-chain bridges” — the means used by investors to move assets from one blockchain to another.
Blockchains are digital ledgers that store details of transactions — the biggest is bitcoin but there are thousands of others.
Changpeng Zhao wrote that the theft involved “an exploit on a cross-chain bridge, BSC Token Hub”, reassuring customers it had been fixed.
The exchange said on Reddit that the amount taken was between $100 and $110 million, adding that $7 million had already been recovered.
The Axie Infinity hack and another heist last month on crypto firm Nomad of almost $200 million also involved bridges being exploited.
Chainalysis, a crypto analysis firm, said in August that bridge exploits had accounted for around $2 billion in thefts this year already.
Elliptic, another analysis firm, said in its crime report this week that bridges “tend to accumulate large amounts of locked assets on numerous blockchains, many of which may not have advanced security or auditing cultures due to their relative obscurity”.
“This has made bridges an attractive target for cybercriminals in the past,” it added.