How was the hacking of the BNB chain?

Aitor Zaldua
3 min read · Nov 22, 2022
Picture from moneytimes.com.br

Last October we suddenly received a tweet from Mr. Zhao, CEO of Binance. The chain, or rather, the BNB ecosystem had been hacked, and the hacker was able to steal 2M BNB, about $586M. After a few moves by Binance engineers, basically halting the chain for 8 hours, the final amount moved off-chain was $127 million.

Today, one month after the attack, the hacker still holds about $70M off-chain and $385M on the BNB chain, currently blocked.

https://debank.com/

You can also look up the hacker's address on the BNB explorer.

This is one of the biggest hacks in blockchain history.

But what happened? How could they hack the world’s largest exchange?

Let´s go step by step.

Explaining The BNB Ecosystem

Binance is huge. Not only do they own the biggest exchange in the world, they also develop their own blockchain, which is in fact two blockchains: the first, BNB Beacon Chain, is the governance chain, and the other, BNB Smart Chain (BSC), is the blockchain itself, where you can build and deploy apps. This is very important for understanding how they stopped the attack when it happened.

The software that was hacked was the BSC Token Hub, the BNB bridge. Recall that a bridge is an application that allows users to move assets between chains, for example between the Bitcoin chain and the BNB Smart Chain. That sounds good, a big step for the cryptocurrency ecosystem, but sometimes new developments are not exactly stable: 3 of the 5 major crypto hacks of 2022 happened in bridges.

The attack

First, the hacker registered as a relayer by depositing 100 BNB, about $25,000 (so, yes, normally, to hack a contract you have to spend some money in the process).

Once a relayer, he was able to exploit an interchain vulnerability that allowed him to forge arbitrary transaction messages. He made several attempts but succeeded with only two, each for 1M BNB.

He was also very savvy in that, instead of dumping the BNB directly, which would have attracted attention because of the amount, he deposited the funds as collateral on the BSC Venus Protocol lending platform and then borrowed liquidity against that collateral.
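The core of the attack, as the post describes it, is that a registered relayer could get the bridge to accept messages it should have rejected. The following is an added illustrative example, not Binance's or the BSC Token Hub's code (the post does not show how the real bridge verified messages): a toy destination-side "token hub" that requires the 100 BNB relayer deposit the post mentions, but only mints when the relayed message carries a valid Merkle proof against a root the destination chain already trusts. All addresses, amounts, and the Merkle scheme are constructed for the example; the point is that relayer status is a right to submit, never a proof that a message is genuine.

```python
import hashlib
from dataclasses import dataclass

# Added illustrative example (not Binance/BSC code). The post says a relayer registers
# by depositing 100 BNB and then relays cross-chain messages; this toy hub only mints
# when the relayed message is proven against a root committed by the source chain.
RELAYER_DEPOSIT_BNB = 100  # deposit figure taken from the post


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(data: bytes) -> bytes:
    # Domain-separate leaves from inner nodes so a node cannot be passed off as a leaf.
    return sha256(b"\x00" + data)


def node_hash(left: bytes, right: bytes) -> bytes:
    return sha256(b"\x01" + left + right)


def build_levels(leaves):
    """Bottom-up Merkle levels; odd-length levels are padded by duplicating the last node."""
    levels, cur = [], list(leaves)
    while True:
        if len(cur) > 1 and len(cur) % 2 == 1:
            cur = cur + [cur[-1]]
        levels.append(cur)
        if len(cur) == 1:
            return levels
        cur = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)]


def merkle_proof(leaves, index):
    """Sibling path for leaf `index`: list of (sibling_hash, sibling_is_on_left)."""
    proof = []
    for level in build_levels(leaves)[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_proof(leaf: bytes, proof, root: bytes) -> bool:
    h = leaf
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root


@dataclass(frozen=True)
class BridgeMessage:
    recipient: str   # hypothetical destination address
    amount_bnb: int
    nonce: int       # unique per transfer, used to stop replays

    def encode(self) -> bytes:
        return f"{self.recipient}|{self.amount_bnb}|{self.nonce}".encode()


class TokenHub:
    """Toy destination-side bridge contract (hypothetical, not the real BSC Token Hub)."""

    def __init__(self, trusted_root: bytes):
        self.trusted_root = trusted_root   # root the destination chain has already accepted
        self.relayers = set()
        self.processed_nonces = set()
        self.balances = {}

    def register_relayer(self, address: str, deposit_bnb: int) -> bool:
        if deposit_bnb < RELAYER_DEPOSIT_BNB:
            return False
        self.relayers.add(address)
        return True

    def handle_transfer(self, relayer: str, msg: BridgeMessage, proof):
        # Being a registered relayer only grants the right to submit; the message
        # itself must still be proven against the trusted root before anything is minted.
        if relayer not in self.relayers:
            return False, "unregistered relayer"
        if not verify_proof(leaf_hash(msg.encode()), proof, self.trusted_root):
            return False, "invalid proof"
        if msg.nonce in self.processed_nonces:
            return False, "replay"
        self.processed_nonces.add(msg.nonce)
        self.balances[msg.recipient] = self.balances.get(msg.recipient, 0) + msg.amount_bnb
        return True, "minted"


def demo():
    # Constructed sample batch of three transfers committed on the source chain.
    msgs = [BridgeMessage("bnb1alice", 5, 1), BridgeMessage("bnb1bob", 12, 2), BridgeMessage("bnb1carol", 3, 3)]
    leaves = [leaf_hash(m.encode()) for m in msgs]
    hub = TokenHub(trusted_root=build_levels(leaves)[-1][0])
    hub.register_relayer("relayer-1", deposit_bnb=RELAYER_DEPOSIT_BNB)
    proof_bob = merkle_proof(leaves, 1)
    results = {
        "legit": hub.handle_transfer("relayer-1", msgs[1], proof_bob),
        # Same proof, but the amount was inflated: the leaf no longer matches the root.
        "forged": hub.handle_transfer("relayer-1", BridgeMessage("bnb1bob", 1_000_000, 2), proof_bob),
        "replay": hub.handle_transfer("relayer-1", msgs[1], proof_bob),
        "unregistered": hub.handle_transfer("relayer-2", msgs[0], merkle_proof(leaves, 0)),
    }
    results["balances"] = dict(hub.balances)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Running the script shows the honest transfer minting 12 BNB to `bnb1bob`, while the inflated copy of the same message, a replay of it, and a submission from an unregistered relayer are all rejected. Whatever the real Token Hub's proof format was, the defensive property is the same: the check that binds each relayed message to state the destination chain already trusts is the one that must hold, and it must not be weaker than the relayer registration check.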

The stop

In this case it was very easy. With only 26 validators on the chain, the engineers decided to halt the chain for 8 hours until they had fixed the bug.

It is a common topic to argue about how many validators are needed before something can be called a decentralized database, but in this case the low number was a blessing. They managed to prevent the theft of about $385M.

The solution

Also a very common one: they decided to execute a hard fork, essentially a rollback to a previous state. They injected the fixed code and then restored the database from the backup.

The update has also moved in the direction of establishing governance votes to decide whether to freeze or burn stolen funds.

There are also plans to increase the number of community validators in a move towards greater decentralization and sharing of responsibility.

It is always complicated when a chain is hacked but this case leads us to the question: is it really decentralized if we can stop the chain if something is not as we want? Is it really immutable if we can recover a backup when something fails? Big questions that should lead the way for blockchain development in the near future.


Aitor Zaldua

Security Researcher | Smart Contract Dev | Blockchain Instructor. Follow me on Twitter: @azdraft_