BNB Chain responds with next steps for cross-chain security after network exploit

Published at: Oct. 17, 2022

BNB Chain, the native blockchain of Binance Coin (BNB) and the Binance crypto exchange, has been subject to security-related developments over the last month.

On Thursday, Oct. 6, the network experienced a multimillion-dollar cross-chain exploit. The incident caused BNB Chain to temporarily suspend all withdrawal and deposit activity on the network.

Initially, the announcement of the network outage cited “irregular activity,” with an update stating the network was “under maintenance.” Once the rumors were confirmed, Binance CEO Changpeng Zhao tweeted an apology to the BNB Chain community for any inconvenience.

However, the suspension was brief: the BNB Chain team announced the network was back online early on Oct. 7, just hours after the attack. As the network regained activity, its validators confirmed their location and were asked to upgrade the community infrastructure.

Later the same day, BNB Chain released its first official statement thanking the community for its support during the incident, along with the next steps for ensuring future network security.

UPDATE: Official BNB Chain Response. We're humbled by the support, hard work, and dedication from the community of which we are proud to be a part. https://t.co/r0TcZYxFzJ

— BNB Chain (@BNBCHAIN) October 7, 2022

In the statement, the BNB Chain team owned up to the exploit and apologized to users. They also expressed gratitude for how quickly the community identified and resolved the issue.

During the Oct. 6 exploit, the hacker was able to withdraw a total of 2 million BNB, which is roughly $568 million at the time of writing. This number was confirmed in the official statement released by the team.

The statement also reported 26 active validators on the BNB Smart Chain during the incident, with 44 in total in different time zones.

In addition to the official numbers related to the incident, BNB Chain highlighted its next steps to secure the network against future exploits.

An on-chain governance vote will decide what to do with the hacked funds: whether they should be frozen, and whether BNB Auto-Burn should be implemented to cover the remaining exploited funds.

The community will also vote on a bounty for catching hackers and a white-hat program for bugs found in the future, each of which could be $1 million.

Prior to the official statement being released, Zhao tweeted his amazement at the swift response and transparency of the BNB Chain team.

Agreed. I was impressed by the quick actions the @BNBChain team took. I am not that involved in the technical side of BNB Chain. Far less than Vitalik with ETH. The principles of issue handling are simple & important: fast, transparent & responsible. https://t.co/eOJrAzWG97

— CZ Binance (@cz_binance) October 7, 2022

In August, a report from Chainalysis revealed that $2 billion in crypto was stolen from cross-chain bridges in the last year alone. This includes major exploits such as the $190 million Nomad Bridge incident.

Michael Lewellen, head of solutions architecture at OpenZeppelin, told Cointelegraph that in an instance where a "project team retains some level of administrative control" in their decentralized ecosystem, some type of monitoring should be implemented.

“They should have comprehensive security monitoring to ensure they can use those powers swiftly when needed.”

While community initiatives are productive, such as the ones BNB Chain proposed as a follow-up, Lewellen said real-time security monitoring is a tool that can “put out fires before they have a chance to spread.”

“Ultimately, the end user can follow good security practices, but without the integration of real-time monitoring and incident response by the developers, users remain at their mercy.”

According to Lewellen, real-time, ongoing security monitoring can watch over the processes that make up the decentralized space without affecting or impinging upon them. Researchers are also considering reversible crypto transactions as a viable solution to fight crime in the industry.

In a subsequent statement, BNB Chain addressed the decentralization of its network, as many critics surfaced on Twitter in light of the exploit.

One user tweeted that the network may seem decentralized to the “untrained eye” but it is indeed not:

1/9) There is a good reason why some are surprised by the BNB rollback today
Even though BNB has always been entirely centralized & permissioned!
As BNB seems decentralized to an untrained eye
However, its 21 "validators" are chosen by a committee of 11, controlled by Binance!

— Justin Bons (@Justin_Bons) October 7, 2022

BNB Chain responded with the statement that “decentralization is journey” and that, while it is currently less decentralized than the Ethereum blockchain, it is “more decentralized than many others.”

The update went on to detail the components of the blockchain and the role Binance plays in the ecosystem. The post states that anyone can become a network validator if enough BNB is put forward, and that:

“Nobody can control the decisions taken here, least of all Binance.”

However, the debate rages on between Twitter users, with some commending the team for a swift response and others posting centralization-themed memes about the network.

Zhao also hopped into the debate, posting his thoughts on centralization vs decentralization, echoing sentiments from a similar piece he wrote three years ago:

My views on Centralization Vs. Decentralization (2022) | Binance Blog https://t.co/DkvYU43n3c

— CZ Binance (@cz_binance) October 9, 2022

Less than a week after the BNB Chain exploit, the space saw another exploit, with $100 million taken from the Solana decentralized finance platform Mango Markets. The Solana network is also often criticized for being too centralized.

Regardless of the hack and the centralization debate, the network pushed out its latest testnet upgrade v1.1.16 on Oct. 12.
