Binance is the world’s leading cryptocurrency exchange. It wasn’t hacked.
Hackers stole $570M in tokens from Binance, the world’s largest cryptocurrency exchange. The hack targeted the BSC Token Hub, which serves as a link between two Binance systems. Binance reported in a blog post that an exploit affecting a cross-chain bridge between their BNB Beacon Chain and BNB Smart Chain caused the massive breach.
Crypto bridges are necessary infrastructure, but easy targets. They act as connectors that enable independent blockchains to transfer assets and information between each other. An application on Ethereum can’t communicate with an application on, for example, Solana, which is obviously limiting. As the number of blockchains grows, there is a need for cross-chain bridges that facilitate communication between two different blockchains.
Bridges are an attractive target because they often feature a central storage point of funds that back the “bridged” assets on the receiving blockchain. Regardless of how those funds are stored (locked up in a smart contract or with a centralized custodian), that storage point becomes a target. Binance uses its own native cross-chain bridge for its exchange, so hackers were able to exploit it while the money was in their cross-chain bridge. With many new models being developed, cross-chain bridges present attack vectors that may be exploited by bad actors.
In August, Chainalysis estimated that $2 billion worth of cryptocurrency had been stolen in 13 cross-chain bridge attacks, mostly in 2022. In March, an attack drained $600 million from a bridge behind the crypto-powered video game Axie Infinity. In February, $325 million was stolen from the Wormhole network.
The recent hack of Binance’s native cross-chain bridge confirmed what we already knew: that the BNB Smart Chain is not very “decentralized”.
It all boils down to the essence of decentralization.
A network is considered decentralized if it has a sufficient number of distributed nodes that all share equally in the functions of running the network and keeping it secure.
For example, the number of Bitcoin nodes is 15,000, and each one of these nodes holds a full copy of the Bitcoin blockchain. Ethereum has 8,000 nodes, and the BNB Smart Chain has only 26 nodes. While what counts as a “sufficient” number of nodes is up for debate, it largely depends on how easy it is for one centralized authority to control what happens to the entire network.
The BNB Smart Chain doesn’t look too decentralized to me. There are not many nodes, and the ones that exist are influenced by Binance to a high degree.
It’s this high degree of centralized authority which prompted the BNB Smart Chain node operators to rapidly halt the blockchain and implement a software upgrade that froze the remaining stolen BNB.
When we consider the “blockchain trilemma” (security, decentralization, scalability), it’s clear that the BNB Smart Chain sacrifices decentralization for better security and scalability. This is the reason why their transactions are so fast and cheap, and why they can respond to cyber attacks so effectively, but at the end of the day, it’s not very different from a normal bank: there is just a small team of validators who control the entire network.
The Binance ecosystem (exchange, team, token, and blockchain) is a bit like web3 lite for users who want a simple experience of digital asset trading and use. It’s like an introductory on-ramp for crypto and NFTs.
These hacks are hurting crypto’s image. While we all want decentralized exchanges, we also want law enforcement and prosecutors to intervene and do something when hacks like this happen. There is a pressing question of whether bridges will survive being part of the crypto ecosystem. If cryptocurrencies are to be widely adopted, they will need to have secure and reliable systems for moving value.
By Ilias Louis Hatzis, the founder and CEO of Kryptonio wallet.