BitBNS Exchange Hacked for $8 Million, Incident Initially Concealed

Summary

On February 1, 2022, BitBNS, an Indian crypto exchange, fell victim to a hacking incident resulting in the loss of $8 million. The exploit was made possible through a vulnerability in their AWS (Amazon Web Services) cloud storage, allowing the attacker to access the exchange’s private keys and steal funds. BitBNS initially attempted to hide the breach from users by tweeting about “system maintenance in progress.” The CEO later admitted to concealing the incident, stating that the decision was made following law enforcement advice.

Attackers

The identity of the attacker remains unknown. The following addresses were involved:

Losses

The total loss is $8,068,660 across the Ethereum, BSC and Polygon chains. It is reported that some of the funds were recovered, but the exact amount has not been specified.

Funds lost by chain:

  • Ethereum:
    • $6,780,064 worth 2,430 ETH
  • BSC:
    • $685,939 worth 1,785 BNB
  • Polygon:
    • $602,657 worth 365,247 MATIC

Timeline

Security Failure Causes

Infrastructure Vulnerability: The exploit occurred due to a vulnerability in BitBNS’s AWS cloud storage, leading to unauthorized access to the exchange’s private keys.