Cross-chain bridges are the weakest link in the blockchain ecosystem, and this hack shows us why!
The global cryptocurrency market has been struggling with hacks for almost its entire existence. One of the most recent attacks to have shaken up the crypto market is a hack on the Binance ecosystem.
On October 7, the world’s biggest cryptocurrency exchange, Binance, reported that its blockchain (BNB Smart Chain) had been attacked. Hackers had exploited a vulnerability in the BNB Smart Chain and created two million BNB tokens (Binance’s native token), resulting in a loss of US$570 million for the Binance Network. Let’s take a closer look at the situation, what we can learn from it and what it means for the crypto market.
So, what happened to Binance?
Within the Binance ecosystem, the BNB Chain comprises the BNB Smart Chain (BSC), which facilitates smart contracts and the development of decentralized applications, and the BNB Beacon Chain, which is used for governance purposes.
The hack (or the exploit as BNB’s blog calls it) that occurred earlier this month affected the BSC Token Hub, a cross-chain bridge facilitating transactions between the BNB Beacon Chain and BSC. The BSC Token Hub had a vulnerability that allowed the hacker to forge messages and mint new tokens.
Using this vulnerability, the hacker was able to mint 2 million BNB tokens. Binance quickly found out about the exploit and suspended the BSC. Thus, the hacker only pulled out about US$100-US$110 million off the blockchain. An additional US$7 million from the US$570 million worth of BNB tokens was frozen with the help of Binance’s security partners, further reducing the hack’s impact.
What can we learn from this attack?
This attack has highlighted the weaknesses in blockchain bridges. To understand this better, let’s look at an example. Suppose you want to transfer Bitcoin to the Ethereum Network; you will have to use a blockchain bridge that will give you a “bridge” version of Bitcoin that is now compatible with the Ethereum Network. These bridged assets are backed by a central storage point of funds on the receiving blockchain (Ethereum in this case), attracting hackers to exploit loopholes and steal the funds.
Another issue with cross-chain bridges is that they do not have the same community as the underlying blockchains. It means there simply aren’t enough people to audit codes and check for vulnerabilities.
Just this year, over US$2 billion worth of cryptocurrency has been stolen because of cross-chain bridge hacks. Many crypto experts, such as co-founder of Ethereum Vitalik Buterin, have expressed concern about the security of cross-chain bridges.
This isn’t to say that no effort is being made to improve cross-chain bridges. For instance, a cross-chain bridge called Wormhole has launched a bug-bounty program under which it will offer payouts of as high as 10,000,000 USDC (about US$10,000,000) to those who can successfully catch bugs in the system. Poly Network also did the same and created a bug bounty pool of US$500,000.
How does this hack affect the crypto market?
As of the third quarter of 2022, the crypto market has lost US$2.3 billion, of which hacks contributed to 93% of the losses. This hack is only the latest addition to the billions the crypto market has lost to malicious attacks.
Besides causing direct financial losses, these hacks also negatively impact investor sentiment. Given the recent crypto crash we saw earlier this year, people are bound to be apprehensive about investing their hard-earned cash into cryptocurrencies. Hacks like this would only further solidify the uncertainty of investing in crypto.
Alternatively, some crypto experts believe that these hacks have an overall positive impact on the network attacked. They expose issues present in the network and encourage the network to put more resources into securing the blockchain. We have seen this happen with Binance, where the community is all set to vote on whether it should offer bounties to those who catch hackers and recover any funds lost in future hacks.
Luckily for Binance, their token’s value has remained relatively stable despite the hack. The BNB token was trading at US$280.05 the day the attack happened and is trading at US$271.58 as of October 17. It has maintained its rank as the fifth-largest cryptocurrency by market capitalization, which might have to do with how quickly Binance acted to defend itself against the attack.
A tweet by Binance’s CEO Changpeng Zhao can best sum up the situation, “Some setbacks make you stronger. Never waste an opportunity.” This should be a cautionary tale for not just Binance but also other crypto companies operating cross-chain bridges. Hopefully, crypto developers are making concerted efforts to improve cross-chain bridges and make crypto networks more secure so that these attacks will become less prevalent.
- Why Crypto Markets Crash and 5 Ways Investors Can Deal
- What Is NFT Bridging?
- 6 Remarkable Cryptocurrency Hacks And Digital Heists
Header Image Courtesy of Binance’s website