On October 7, chaos erupted on the BNB chain as hackers exploited it for 2 million BNB (~$560 million). Had it fully succeeded, this could have been the third-largest hack of all time. Fortunately, the hacker could “only” steal $100 million.
The likes of samczsun, bartek.eth, and foobar have detailed the various aspects of the hack in their respective threads. So, how did the attack happen? Let’s take a look.
How did the BNB hack happen?
Before we get into the hack, let’s give you some background:
- Binance has two chains. The older Binance Chain is now called the “Binance Beacon Chain.” The Beacon Chain is built using the Cosmos SDK, and its primary purpose is fast token transfers.
- The newer chain is called the “Binance Smart Chain.” This chain is similar to the Ethereum EVM chain and is built for smart contract capabilities.
- Both chains use the BNB token to pay gas fees.
Now, here is the important part. Users can move tokens from one chain to another using the “Binance Bridge.” This method of transfer doesn’t require you to trust any external validators.
Unfortunately, it turns out that the Binance bridge had a bug that allowed hackers to basically mint BNB out of thin air.
The hacker made two withdrawals of 1 million BSC tokens.
This is the latest high-profile crypto bridge hack. As per Chainalysis, over $2 billion has been stolen in 13 different bridge exploits.
What happened after the BNB hack?
The hacker tried to cash out the funds using different permutations and combinations of liquidity pools, swaps, and bridges. Tether, the largest stablecoin provider, acted quickly to blacklist the hacker’s address. This prevented the hacker from cashing out their loot in USDT. Binance also froze the BNB chain and suspended all activity. These actions ensured that the hacker could “only” siphon out $100 million.
What does this mean for the BNB Chain?
The BNB chain has had its fair share of issues in the past. The majority of its DeFi apps have been exploited via flash loan attacks. Unfortunately, this latest attack sheds a very negative light on the BNB ecosystem. Plus, the fact that the validators could simply “flip a switch” and freeze the chain suggests that the BNB Chain isn’t decentralized at all. However, the flip side is that the hacker wasn’t able to run away with half a billion dollars because the BNB Chain was quick enough to take emergency measures, which it was able to do due to its limited number of validators.
Which side of the debate do you agree with?