$570 million of Binance's BNB token got stolen by hackers
Like most other major crypto hacks, the attack was on their cross-chain bridge
Yep, another one..
It has been really bad lately. Hack after hack. Combined with the market conditions, it will definitely push people away from the web3 space, and for the right reasons. No one is willing to trust the space with their money. Yes, banks f*ck you up with fees and stuff but at least you don’t see hacks like this every week.
It is a new technology and all that, but at the same time they need to work more and prioritize security over nonsense marketing initiatives. Apparently this hack happened on the cross-chain bridge. This is not the first one to happen as we had major hacks on cross-chain bridges before as well. This brings it up to $1.4 billion worth of crypto hacked in cross-chain bridges just this year. Let’s get into the details of what happened.
Here’s what happened
A total of 2 million BNB was withdrawn by hackers. With the current price of BNB at $282, that equals roughly $570 million. Hackers were able to exploit a bug in the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC).
We get it, the last sentence probably does not make much sense to you. Here’s an example.
Cross-chain bridges act as connectors that enable independent blockchains to transfer assets and information between each other. Blockchains operate in siloed environments, meaning they do not communicate with each other (which is different from the traditional banking system). As more blockchains entered the space, there was a need for cross-chain bridges that would facilitate communication between two different blockchains.
Binance has its own native cross-chain bridge that it uses for the Binance exchange, so hackers were able to exploit it while the money was in the cross-chain bridge.
The current market cap for BNB is roughly $45 billion. Obviously this hack does not impact their day-to-day business in any way, although it damages the reputation of Binance as well as the crypto environment, as security plays a big role when it comes to mass adoption. Changpeng Zhao, Binance's CEO, said in an interview with CNBC that they were able to minimize damages to less than $100 million.
What happens next?
According to a blog post from Binance, there will be on-chain governance votes in order to determine the actions for the common good of BNB:
What to do with the hacked funds, freeze or not to freeze?
Whether to use BNB Auto-Burn to cover the remaining hacked funds, or not?
A Whitehat program for future bugs found, $1M for each significant bug found.
A Bounty for catching hackers, up to 10% of the recovered funds.
Bounties given to white hat hackers have been an ongoing debate for a while. Companies, not just in the web3 space, need to realize that they need to step up their game with the bounties given to white hat hackers for finding bugs and exploits in their security. No one is incentivized enough if you tell them they will get a $10k bounty for finding a major bug. In the case of Binance, it seems like they did go a little further, but unfortunately big bounties usually come after the hack and not beforehand.
Final thoughts
Another big issue that needs to be addressed is that we keep asking for decentralized exchanges. On decentralized exchanges everyone can be anonymous. While everyone is happy about decentralized exchanges, when it comes to hacks like this one, everyone looks towards law enforcement and prosecutors to intervene and do something about it. With decentralization, there is a major risk that hacks can sometimes end up being untraceable.
In the case of this hack, Binance, Coinbase and FTX, which are the major crypto exchanges, are all centralized exchanges: KYC (Know Your Customer) is required to be able to transact, and they have the ability to freeze particular accounts or transactions.