$566M worth of BNB was stolen from Binance’s cross-chain bridge BSC Token Hub, but how they responded to the hack will be the most memorable part.

Decentralization is a hot button topic in web3, and Binance is (at the time of writing) the biggest crypto exchange by trading volume in the world.

The recent hack of Binance’s native cross-chain bridge BSC Token Hub revealed to the world what many early adopters of blockchain technology already knew: The BNB Smart Chain (formerly Binance Smart Chain) is not very “decentralized”.

How did the BNB Smart Chain bridge get hacked, how did Binance stop it, and what does this all have to do with decentralization?

Let’s go through this in order.

How the BSC Token Hub was Hacked

The BSC Token Hub is a cross-chain bridge native to Binance that allows users to transfer tokens between the BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC).

On October 6, 2022, an attacker interacted with the BSC Token Hub smart contract in a way that allowed them to print two million BNB tokens (the native token on the BNB Smart Chain), worth approximately $566 million at the time. This was achieved using falsified transactions that convinced the bridge that the attacker had deposited the BNB previously, and was therefore eligible to withdraw that much.

According to Binance’s official response, “the exploit was through a sophisticated forging of the low level proof into one common library,” and an anonymous blockchain researcher who goes by @samczsun on Twitter shared an in-depth breakdown of the technicalities involved in the forgery.

BNB Hack

Source: https://twitter.com/samczsun/status/1578167198203289600?s=20&t=pd2TogOJt1dnOX9aq9Epqg

How the Binance Bridge Hack was Stopped

The short version is that the Binance team was able to respond quickly to rally all the validators on the network to halt the BNB Smart Chain and freeze the majority of the stolen funds before they could be fed through mixers and taken off-chain.

At the time of BNB Smart Chain’s network suspension, around $430M worth of crypto in the attacker’s wallet was frozen, while another ~$110M had already been transferred to various other blockchains. Here’s a snapshot of where the extra funds went:

Binance Bridge Hack

Tether had begun blacklisting ill-gotten USDT in the hacker’s Ethereum wallet, and Circle will likely do the same with their USDC as soon as an attempt is made to put it through a mixing service or send it to an exchange for withdrawal. For now, tracking any potential movement of the funds provides further insight for cybersecurity experts and law enforcement to continue their investigation and attempt to uncover the attacker’s identity.

So how does this Change the way People View Web3?

It all comes back to decentralization.

A network can be considered “decentralized” if it has a sufficient number of distributed nodes that all share equally in the functions of running the network and keeping it secure. What exactly the “sufficient” number is is up for debate, but it largely comes down to how easy it is for one centralized authority to control what happens to the entire network.

For example, there are nearly 15,000 Bitcoin nodes, over 8,000 Ethereum nodes, and only 26 active BNB Smart Chain nodes at the time of writing. BNB Smart Chain technically is a network of distributed nodes, but it’s not very many nodes comparatively, and the ones that do exist are influenced by Binance’s team to a high degree. It’s this high degree of centralized authority which prompted the BNB Smart Chain node operators to rapidly halt the blockchain and implement a software upgrade which froze the remaining stolen BNB.

When we consider the infamous “blockchain trilemma” (the commonly held belief that a blockchain can only have 2/3 in regard to decentralization, security, and scalability), it’s clear that the BNB Smart Chain sacrifices decentralization for better security and scalability. That’s why their transactions are so fast and cheap, and why they are able to respond to cyber attacks so effectively, but at the end of the day how much different is it from using a normal bank when there’s just a small team of validators who control the entire network?

The answer is that it’s actually quite different. The Binance ecosystem taken as a whole (the exchange, the team, the token and the blockchain) is a bit like web3 lite for users who want a more simple experience of digital asset trading and use. It’s like an introductory on-ramp for crypto and NFTs. While the promises of ETH 2.0, layer 2s and ZK rollups, as well as competing blockchains are all good alternatives that might solve the blockchain trilemma in the future, the BNB Smart Chain in its current form has shown that it can withstand major exploits and mitigate some of the risks inherent to the early adoption of this disruptive technology.

The CEO of Binance, Changpeng Zhao, shared his thoughts on decentralization in the wake of the BNB Smart Chain bridge hack, stating “it is also important to remember that decentralization is a means to the goal, not the goal itself. The goal is freedom, security, and ease of use.

Marin Ivezic
Website | Other articles

For over 30 years, Marin Ivezic has been protecting critical infrastructure and financial services against cyber, financial crime and regulatory risks posed by complex and emerging technologies.

He held multiple interim CISO and technology leadership roles in Global 2000 companies.