A Breakdown of the $570 Million Binance Ecosystem Hack
Cross-chain bridges are the weakest link in the blockchain ecosystem, and this hack shows us why!
The global cryptocurrency market has struggled with hacks for almost its entire existence. One of the latest attacks to shake up the crypto market is a hack of the Binance ecosystem.
On October 7, the world’s largest cryptocurrency exchange, Binance, reported that its blockchain (BNB Smart Chain) had been attacked. Hackers had exploited a vulnerability in the BNB Smart Chain and created two million BNB tokens (Binance’s native token), resulting in a loss of $570 million to the Binance Network. Let’s take a closer look at the situation, what we can learn from it and what it means for the crypto market.
So, what happened to Binance?
Within the Binance ecosystem, the BNB chain includes the BNB Smart Chain (BSC), which facilitates smart contracts and the development of decentralized applications, and the BNB Beacon Chain, which is used for governance purposes.
The hack (or exploit as BNB’s blog calls it) that happened earlier this month affected the BSC Token Hub, a cross-chain bridge that facilitates transactions between the BNB Beacon Chain and BSC. BSC Token Hub had a vulnerability that allowed the hacker to forge messages and create new tokens.
Using this vulnerability, the hacker was able to mint 2 million BNB tokens. Binance quickly found out about the exploit and suspended BSC. Thus, the hacker only withdrew around 100-110 million dollars from the blockchain. Another US$7 million from the US$570 million worth of BNB tokens was frozen with the help of Binance’s security partners, further reducing the impact of the hack.
What can we learn from this attack?
This attack has highlighted the weaknesses in blockchain bridges. To understand this better, let’s look at an example. Suppose you want to transfer Bitcoin to the Ethereum network; you need to use a blockchain bridge which will give you a “bridged” version of Bitcoin that is now compatible with the Ethereum network. These bridged assets are backed by a central storage point for funds on the receiving blockchain (Ethereum in this case), attracting hackers to exploit loopholes and steal the funds.
Another problem with cross-chain bridges is that they do not have the same community as the underlying blockchains. That means there simply aren’t enough people to audit code and look for vulnerabilities.
Just this year, over $2 billion worth of cryptocurrency has been stolen due to cross-chain bridge hacks. Many crypto experts, such as Ethereum co-founder Vitalik Buterin, have expressed concern about the security of cross-chain bridges.
This is not to say that no effort is being made to improve cross-chain bridges. For example, has a cross chain bridge called Wormhole launched a bug bounty program where it will offer payouts as high as USDC 10,000,000 (about US$10,000,000) to those who can catch bugs in the system. Poly Network also did the same and created a bug prize pool of USD 500,000.
How does this hack affect the crypto market?
As of Q3 2022, the crypto market has lost $2.3 billion, of which hacks contributed to 93% of losses. This hack is just the latest addition to the billions the crypto market has lost to malicious attacks.
Apart from causing direct financial losses, these hacks also negatively affect investor sentiment. Given the recent crypto crash we saw earlier this year, people are sure to be worried about investing their hard-earned money in cryptocurrencies. Hacks like this will only strengthen the uncertainty of investing in crypto.
Alternatively, some crypto experts believe that these hacks have an overall positive impact on the attacked network. They expose problems that exist in the network and encourage the network to devote more resources to securing the blockchain. We’ve seen this happen with Binance, where the community is ready to vote on whether to offer bounties to those who catch hackers and recover any funds lost in future hacks.
Fortunately for Binance, their token’s value has remained relatively stable despite the hack. The BNB token was trading at USD 280.05 on the day of the attack and is trading at USD 271.58 as of October 17. It has maintained its ranking as the fifth largest cryptocurrency by market cap, which may have to do with how quickly Binance acted to defend against the attack.
ONE chirping by Binance CEO Changpeng Zhao can best sum up the situation: “Some setbacks make you stronger. Never waste an opportunity.” This should be a warning to not only Binance, but also other crypto companies that operate cross-chain bridges. Hopefully, crypto developers make a concerted effort to improve cross-chain bridges and make crypto networks more secure so that these attacks become less prevalent.
Header Image courtesy of Binance’s website