BSC News Roundtable: Hacked! The $580M BNB Bridge Exploit

by BSC News

October 21, 2022

The BNB bridge exploit touched on fundamental crypto issues, including cross-chain risks, centralization vs. decentralization, and investors' attitudes.

BSC News Roundtable on BNB Bridge Hack

Welcome to the BSC News Roundtable, where we leverage the expertise of our staff (inside and out of the newsroom) to discuss important topics in blockchain and crypto.

In this edition, the subject of the conversation was the $580 million BNB bridge exploit, where hackers were essentially able to mint themselves 2 million new BNB, of which, at last count, about $100 million worth had not yet been recovered.

Some BSC News staffers felt that the exploit reduced their confidence in blockchain security, while others placed greater emphasis on BNB Chain’s ability to persuade validators to temporarily pause chain activity in order to recover stolen funds.

The BNB bridge exploit touched on fundamental issues about blockchain technology and the crypto sector, including the continuing vulnerability of cross-chain bridges, the tug-of-war between centralization and decentralization, and the bottom-line attitudes of investors and developers toward major exploits.

Read on to view highlights from the discussion:

Kyle Heise

Kyle Heise, BSC News Director of Content based in California with a background in diplomacy, linguistics and technology, and a penchant for meme projects

“The BNB Chain hack is, in my mind, very problematic. It was the first time something like this, within my recollection, has happened on BNB Chain. This is something that we used to laugh at the Solana chain for. It’s problematic in that sense: that they can pause the blockchain. Blockchains are supposed to never stop. But seems like pretty much any blockchain, besides Bitcoin, doesn’t follow that. Ethereum has stopped and done a fork. Solana has failures and outages. BNB Chain has now joined that group. I think it’s very problematic that this type of idealistic world we think we live in, is untrue.”

“This is also a strong reminder of how decentralized BNB Chain is, or isn’t. This is not a chain that has thousands of validators. Not all blockchains are as decentralized as we think.”

“Finally, this happened through a bridge, once again. Bridges are basically the most exploitable thing on blockchain. Most of these giant hacks come through bridges. And it just goes to show that the technology on bridges is still not there. There's probably maybe a few bridges out there that are really, really, really good. Celer network comes to mind; Allbridge comes to mind. But bridges are unsafe places. Bridges are not the most secure thing.”

*****

Abiodun Oladokun

Abiodun Oladokun, BSC News journalist based in Nigeria with a background in law and experience in blockchain research and analysis

“For the validators on the chain to be able to ‘stop the chain’ from working, it makes you question the concept of decentralization even further because it shows you that, look, these things are actually being controlled by a group of people that are selected because they’ve met some criteria.”

“These are things that get people curious and inquisitive about whether the decentralization that blockchain technology preaches is actually working, whether any of the things that we have are actually truly decentralized.”

“There’s still so much we need to figure out about whether decentralization will be a part of blockchain technology any more. I don’t know, but it’s not a concept that is being applied in real life.”

*****

Raashid Siddeeque

Raashid Siddeeque, Lead Graphic Designer based in France, a self-described “NFT Maxi” with experience in crypto investment, research and consulting

“It’s like a story, where CZ is promoting more decentralization. But he’s also pointing out whenever decentralization fails, centralization comes into play, to help decentralization.”

“In those days when BSC was forming (we were, like, OGs in those days), whenever a project rugged, you could directly contact CZ. If that particular project sent funds to Binance, we had a direct contact to CZ to give him all the information and raise a support ticket. And they would freeze the funds, and they would try to give it back to the real owners, whoever got robbed.”

“It was a positive vibe, but then again, his main point was even though decentralization is not safe, centralization will help the decentralization anyway. My personal opinion is BSC Chain is not decentralized because they have their own set of validators, who basically work for Binance.”

*****

Gairika Mitra

Gairika Mitra, BSC News Journalist based in India, with a background in tech and journalism, and experience with several publications covering regions across Asia

“I am getting to thinking in the back of my mind, ‘How secure is blockchain technology?’ Before this hack happened, I used to think to myself that blockchain projects are considered to be highly secure. But if you read various publications, you would know that there have been multiple hacks this year.”

“There has been talk about a series of on-chain governance votes that will decide whether the hack funds should be frozen, or if there should be a bug bounty reward system that could prevent future hacks. But the question is, ‘Is that at all feasible?’ If yes, then how? If not, then why?”

*****

Ahamdi Abarikwu

Ahamdi Abarikwu, BSC News Journalist based in Nigeria, with a background in electrical engineering and a passion for crypto, writing and editing.

“If BNB Chain was fully decentralized, probably the hacker would have made away with all of those funds because the nodes would not be stopped and the validators would all be running. So I’m just thinking that perhaps it could be an issue of striking a balance between ... having a decentralized system but with some measure of centralization around it for control purposes.”

“A bridge gives hackers an extra point of attack, or extra points of attack. Those bridges are much less decentralized than the originating chains. You have a situation where the codes that control the bridge do not have a wide development community. So the potential of more bugs being found in the coding is much higher.”

*****

Kabezo

Kabezo, BSC News Editor based in Connecticut with a background in traditional finance and investing, but a long history observing blockchain technology and crypto.

“From my standpoint, I think CZ has been pretty clear about decentralization vis a vis BNB Chain for a very long time, since I’ve been watching it, which is since it launched. And that is that BNB Chain is an open protocol that anyone can use. It is rather centralized as a design choice as a tradeoff for speed and fees, making it faster and cheaper. So I think they’ve been transparent about that.”

“Centralization versus decentralization; it’s a spectrum, right? Even the SEC and the CFTC agree that, for example, Bitcoin is decentralized. And yeah, BNB Chain qualifies as much more centralized. It’s better to think of it as an open protocol that anybody can use, and they want to make it more decentralized.”

“The chain wasn’t hacked. The chain functioned as designed. It was the bridge that was exploited. Bridges are the most vulnerable aspect of crypto, and clearly there’s a lot of work that needs to be done to make them more secure. But I still use them and I’m going to keep using them.”

“I think BNB Chain is what it is. I think people are comfortable with it. TVL, since the pause, has not gone down nor has the price substantially of the token, in dollar terms. I think it’s going to keep on being what it is. It’s kind of the people’s blockchain. It’s got centralization issues clearly. But I take CZ at his word that he wants to make it better, make it more decentralized as time goes forward.”

*****

Pranav Vadehra

Pranav Vadehra, BSC News Editor based in India, with a background in technology and experience in several jurisdictions, including UAE

“I think Binance’s PR image has definitely taken a hit with this whole episode, in the whole decentralization debate. It’s hard for them to claim that they don’t control the validators, seeing how fast they were able to pause the chain, although it was actually fairly good to protect their users.”

“What CZ said on his blog, talking about the whole debate, where he said they recognize they have to go incrementally on a path toward decentralization -- I think he has a valid point there, if that is going to happen and it will go toward decentralization while still giving benefits like protecting people’s funds.”

“Most of the investors, I think, on BNB Chain care mostly about the low gas fees and it being the cheapest chain. On the whole, its image has taken a hit, but I think they have some valid points. Maybe they’re doing a bit of damage control as well, but I think on the whole, in the decentralization debate, there might be valid points where this kind of centralization is beneficial for users.”

*****

Ramsha Naushad

Ramsha Naushad, BSC News Journalist based in India, with a passion for Web3, crypto and DeFi and an academic interest in blockchain utility for social services

“Binance is smart enough to never claim that BNB is decentralized or outright decentralized. It has a comfortable, ambiguous middle ground. Whenever hacks like this happen, we tend to reduce our trust. And that’s natural.”

“What operators need is something that gives you immediate notification, maybe like an eagle-eye watching over the entire transactions. I don’t think I would take away my trust from BNB Chain over the question of centralization or decentralization, but having an eagle-eye would be great.”

*****

Samuel Mbaki

Samuel Mbaki, BSC News Journalist based in Kenya, with a background in writing and journalism on many topics, including crypto

“The BNB Chain attack touches on three key issues in crypto: That’s decentralization, regulation and cyber security. Regulation has not yet set in but can come through the government’s view that if the chain is centralized to such a point, then its native token could be a security or an asset that can be manipulated by them, which could open up a lot of issues for Binance because for some time, Binance has been under the microscope of regulators and also has been working on centralization and decentralization.”

“I think getting to a midpoint between centralization and decentralization could be for the better of the chain and the crypto community, although some things like governance policies should be left for the community to decide. Then when it comes to attacks, centralization can come in so that we can save time and people’s money, because the money, the value of the chain or project, is what matters.”

*****

Andrew Sawa

Andrew Sawa, BSC News Journalist based in Nigeria, with a background in fintech and an interest in blockchain and Web3

“There was a very interesting blog on Binance by CZ himself, where he talked about centralization versus decentralization. He made a very audacious statement that is really, really interesting to think about. He said it is important to remember that decentralization is not the goal itself. It is the means to the goal. The goal is freedom, security and ease of use.”

“It is concerning to think about it, as if freedom is the goal. I think the fate of the network should not be centralized in the hands of a few validators. If you look at it, by comparison with the Ethereum network with over 400,000 validators who were able to coordinate everything on time for the recent Merge event that happened; I think these are considerations and conversations that will happen in the future. Binance, being the third-largest chain, it’s a very fierce competition with Bitcoin and Ethereum, which are pretty much decentralized.”

*****

Patrick Brendel

Patrick Brendel, BSC News Editor based in the Cayman Islands, with a background in many aspects of journalism and an interest in blockchain and crypto

“This exploit and the response to it has raised a lot of fundamental questions about crypto and blockchain, along with the fact that bridges are continuing to be points of vulnerability for chains.”

“It wasn’t a BNB Chain hack, it was a bridge hack. So what does this mean? Because it seems to keep happening. They say the future of crypto is cross-chain. So, maybe you have to go in other ways besides bridging assets.”

“Once again, BNB and Binance stepped in very quickly to recover funds, talking to handpicked validators and getting them on the same page very quickly to pause the chain for the purpose of saving assets and asset recovery, giving rise to these thoughts about decentralization, which is one of the big ideals of blockchain but thin in practice. CZ pointed out what centralization can do for a chain.”

“My main takeaway is what didn’t happen. What didn’t happen is the price of BNB didn’t plummet. Nobody got spooked, thinking, ‘Oh my gosh. This exploit has put all of our funds at risk.’ The money didn’t rush out of BNB because all of a sudden it showed maybe the chain isn’t as decentralized as some people wanted it to be. The TVL didn’t drop either. So people are still comfortable using the chain and regardless of how somebody might feel philosophically about CZ or the concept of decentralization, it almost seems as if this action that they took, if anything, made people feel more comfortable and confident in using the chain.”