BNB Chain had a major scare yesterday, when a hacker exploited the native bridge between BNB Smart Chain (ex-BSC) and BNB Beacon Chain – two blockchains working in tandem. The attacker found a bug that allowed them to forge a proof of deposit on the Beacon Chain and create the equivalent of $570 million in BNB on the BSC Chain.
Binance reacted quickly and “by contacting community validators one by one” managed to halt the BSC Chain and freeze some $450 million that the hacker did not manage to convert. Further collaboration with the crypto ecosystem helped freeze an additional $7 million of USDT related to the hack.
The whole incident was managed professionally, as is often the case with Binance. However, it raised two important issues with BNB Chain: security and decentralization.
As CZ rightfully noted, the blockchain itself was not hacked – the bridge was 🌉, and as we all know, bridges are the weakest link in the whole crypto ecosystem. However, when the bridge itself is part of the blockchain, connecting its governance center (Beacon) with its activity center (BSC), the picture is different.
BNB Beacon Chain was launched in 2017 with a native coin BNB (BEP2). However, most developments were happening on Ethereum (they still are), so Binance decided to piggyback on this success and in 2020 launched BSC, initially an ERC20 token on Ethereum. BSC then morphed into a separate blockchain (BEP20) fully compatible with the Ethereum Virtual Machine.
At the beginning of 2022, the two blockchains officially merged into one, the BNB Chain, with staking and voting happening on BNB Beacon Chain and most of the usual DApp activity on BNB Smart Chain. These two parts are obliged to use a bridge, which is a single point of failure threatening the whole system.
This is the trickiest part. BNB Chain uses a variant of PoS, with a total of 41 validators, of which 21 are elected (based on a few criteria, including the amount of staked BNB), and the others are the runners-up. A validator set consists of 19 elected validators and 2 randomly chosen runners-up.
This system is a great improvement over the previously rigid set of 21 elected validators, which was used up until this July. However, the fact that Binance managed to halt the whole blockchain by “contacting 26 validators” speaks volumes about the real degree of centralization.
Also, while BNB Beacon Chain went open-source this summer, BNB Smart Chain is still closed source.
🤔 Is it bad? In this particular case, BNB Chain centralization helped it freeze $450 million worth of fraudulently created coins, so one might say “Why not?”
After all, CZ does look like he knows what he is doing, and the whole Binance empire is really impressive…
However, this is not what blockchain is about, and while a partially centralized system may work most of the time, it is not impervious to the flaws of centralization and may be dangerous in the longer term.