BNB Chain Lost $100M To a Hack – What Went Wrong?
Early on October 7th, CZ announced via Twitter that the BNB Smart Chain was experiencing an exploit on its cross-chain bridge, BSC Token Hub, that had resulted in the minting and transfer of extra BNB.
Attacker Forged Proofs that Allowed them to Mint 2M BNB
The BNB Chain team soon published a blog post explaining that the attacker had managed to carry out ‘sophisticated forging of the low-level proof into one common library.’
Adrian Hetman, tech lead of the Triaging Team at Immunefi, a Web3 bug bounty program provider, explained in an interview with TechCrunch that the bug in the cross-chain bridge allowed the hacker to trick the logic of its smart contract into thinking their message proofs were valid ‘even though the hacker didn’t have valid claims to the funds.’
By doing so, the attacker convinced the cross-chain bridge to send them 1,000,000 BNB twice, the equivalent of $570 million at the time. In simple terms, the attacker had figured out a way of minting new BNB tokens.
Hacker Tried to Move the Funds to Different Chains
An initial investigation by the team at SlowMist revealed that the attacker then attempted to launder the funds through a series of transactions beginning with a 900k BNB deposit to Venus Protocol to borrow 62 million BUSD, 50 million USDT, and 35 million USDC. The attacker also began spreading their loot across various networks to try to cover their tracks.
Figure: Attacker’s attempt to launder the stolen funds. Source: SlowMist on Twitter.
BNB Chain Was Successfully Paused, Preventing the Entire $570M from Being Stolen
At the same time, the BNB Chain team was working fast to limit the damage from the hack. The team opted to contact all 26 active community validators in 44 different time zones to stop the incident from spreading. A decision was then made to suspend the BNB Smart Chain to contain the exploit and help freeze any additional transfers.
According to the SlowMist team, the suspension of the chain helped save an estimated $430 million worth of digital assets, with the attackers getting away with an estimated $110 million. CZ also gave a similar figure of $100 million lost due to the exploit.
User Funds Were Not Affected, and the BNB Chain was Not Rolled Back
The BNB Smart Chain was restarted on the same day as the hack. The team soon released a hot-fix and hard fork of the blockchain that included the blacklisting of addresses to prohibit a continuation of the exploit.
In an additional update on the event, the BNB Chain team explained that the blockchain was not compromised and no user funds were affected since the attacker had minted new BNB tokens. They also clarified that the blockchain ‘was never rolled back’ and its validators carried out ‘a synchronized pause and resume.’
Proposed Actions for the BNB Chain Moving Forward
The team at the BNB Chain has since proposed governance votes to determine the following four actions moving forward.
- What to do with the hacked funds? Should they be frozen or not?
- Whether to use the BNB auto-burn feature to cover the remaining hacked funds or not
- The possible introduction of whitehat bug bounty programs with a $1 million reward for significant finds
- An additional bounty for catching hackers with a 10% reward of recovered funds
Actions of the BNB Chain Validators Have Reignited Centralization vs. Decentralization Discussions
However, the swift actions of the BNB Chain team and the network’s validators have reignited discussions as to whether the Binance-linked blockchain is genuinely decentralized.
In a theoretically decentralized chain, the hack would have progressed in its entirety with the $570 million lost and the bug potentially being exploited until a hotfix was implemented.
But at the same time, the question of ethics pops up. Would it have been appropriate for the team to watch as the situation escalated, particularly with the crypto-verse being in the spotlight of global regulators?
CZ also explored these questions in a blog post where he debated the ‘Centralization vs. Decentralization’ topic. In the article, CZ pointed out that decentralization is not binary. He said:
I believe the first thing to understand is that decentralization is not binary, and not single-dimension. There are multiple aspects to decentralization. Every aspect is a gradient scale, not simply black-and-white.
It is also important to remember that decentralization is a means to the goal, not the goal itself. The goal is freedom, security, and ease of use.
Therefore, with security in mind, the actions of the BNB Chain team and the network’s validators were justified in this instance.