Binance blockchain hit by $817.5m hack, exposing crypto vulnerabilities


WASHINGTON - Binance, the world's biggest cryptocurrency exchange, confirmed last Friday that US$570 million (S$817.5 million) had been stolen in a hack of a blockchain it runs that serves as a bridge for asset transfers between networks.

The attack on the Binance Smart Chain network highlighted weaknesses in decentralised finance, or DeFi, where transactions are controlled by code.

"Software code is never bug-free," Binance chief executive Zhao Changpeng said in an interview with CNBC.

He emphasised that no users had lost money in the hack but said that so-called cross-chain bridges were particularly vulnerable to hacks and the industry needed to get better at learning from them.

"We have seen a series of attacks... targeting vulnerabilities in cross-chain bridges," Binance Smart Chain wrote in a blog post apologising to users. "We will openly share the details of the post-mortem and all lessons on how to implement more advanced security measures to shore up these vulnerabilities."

In August, blockchain research company Chainalysis estimated that US$2 billion worth of cryptocurrency had been stolen in 13 cross-chain bridge attacks, mostly in 2022. In March, an attack drained US$600 million from a bridge behind crypto-powered video game Axie Infinity. In February, US$325 million was stolen from the Wormhole network.

These exploits show that a reliance on code for control of DeFi platforms leaves these systems exposed and that in emergency situations, decentralisation can be an obstacle to quickly resolving issues. The Binance chain ecosystem is run by a community of users, known as validators, who hold tokens and can vote on proposed code changes.

"Decentralised chains are not designed to be stopped, but by contacting community validators one by one, we were able to stop the incident from spreading," Binance Smart Chain said in its statement. "This delayed closure, but we were able to minimise the loss."

Now, the Binance Smart Chain community will hold a vote on next steps, including whether to freeze the stolen funds and allot a bounty for catching the hackers, offering up to 10 per cent of the value of the stolen assets.

Mr Vitalik Buterin, a founder of the Ethereum network - and the second most popular cryptocurrency, Ether - has been a vocal critic of cross-chain bridges, noting that they have "fundamental security limits". NYTIMES
