BNB Chain responds with next steps for cross-chain security after network exploit
The BNB Chain team released its official statement on Oct. 7 regarding the hack and stolen funds, and a second statement on Oct. 11 on network decentralization.
BNB Chain, the native blockchain of Binance Coin (BNB) and the Binance crypto exchange, has been subject to security-related developments over the last month.
On Thursday, Oct. 6 the network experienced a multi-million dollar cross-chain exploit. The incident caused BNB Chain to temporarily suspend all withdrawal and deposit activity on the network.
Initially, the announcement of the network outage cited “irregular activity” with an update stating it was “under maintenance.” As rumors were confirmed the CEO of Binance, Changpeng Zhao tweeted out an apology for any inconvenience to the BNB Chain community.
However the suspension was brief, as the BNB Chain Team announced the network was back online early on Oct. 7, just hours after the attack. As the network regained activity its validators confirmed their location and were asked to upgrade the community infrastructure.
Later the same day, BNB Chain released its first official statement thanking the community for its support during the incident, along with the next steps for ensuring future network security.
UPDATE: Official BNB Chain Response.
We’re humbled by the support, hard work, and dedication from the community of which we are proud to be a part.https://t.co/r0TcZYxFzJ
— BNB Chain (@BNBCHAIN) October 7, 2022
In the statement, the BNB Chain Team owned up to the exploit and apologized to users. They also expressed gratitude to how quickly the issue was identified and resolved by the community.
During the Oct. 6 exploit the hacker was able to withdraw a total of 2 million BNB, which is roughly $568 million at the time of writing. This number was confirmed in the official statement released by the team.
It also reported 26 active validators on the BNB Smart Chain during the incident, with 44 in total in different time zones.
Related: BNB Chain launches a new community-run security mechanism to protect users
In addition to official numbers related to the incident, the BNB Chain highlighted its next steps to ensure future network security against potential exploits.
An on-chain governance vote will decide what to do with hacked funds, whether they should be frozen and if BNB Auto-Burn should be implemented to cover the remaining exploited funds.
The community will also vote on a bounty for catching hackers and a white-hat program for future bugs found which could be $1 million for each.
Prior to the official statement being released, Zhao tweeted his amazement at the swift response and transparency of the BNB Chain team.
Agreed. I was impressed by the quick actions the @BNBChain team took. I am not that involved in the technical side of BNB Chain. Far less than Vitalik with ETH. The principles of issue handling are simple & important: fast, transparent & responsible. https://t.co/eOJrAzWG97
— CZ Binance (@cz_binance) October 7, 2022
In August a report from Chainaylsis revealed that $2 billion in crypto was stolen from cross-chain bridges in the last year alone. This includes major exploits such as the $190 million Nomad Bridge incident.
Michael Lewellen, head of solutions architecture at OpenZeppelin, told Cointelegraph that in an instance where a “project team retains some level of administrative control” in their decentralized ecosystem some type of monitoring should be implemented.
“They should have comprehensive security monitoring to ensure they can use those powers swiftly when needed.”
While community initiatives are productive, such as the ones BNB Chain proposed as a follow up, Lewellen said real-time security monitoring is a tool that can, “put-out fires before they have a chance to spread.”
“Ultimately, the end user can follow good security practices, but without the integration of real-time monitoring and incident response by the developers, users remain at their mercy.”
According to Lewellen, real-time, ongoing security monitoring can watch over the processes that make up the decentralized space without affecting or impinging upon them. Researchers are also considering reversible crypto transactions as a viable solution to fight crime in the industry.
In a subsequent statement, BNB Chain spoke on the decentralization of their network, as many Twitter critics surfaced in light of the exploit.
One user tweeted that the network may seem decentralized to the “untrained eye” but it is indeed not:
1/9) There is a good reason why some are surprised by the BNB rollback today
Even though BNB has always been entirely centralized & permissioned!
As BNB seems decentralized to an untrained eye
However, its 21 “validators” are chosen by a committee of 11, controlled by Binance!
— Justin Bons (@Justin_Bons) October 7, 2022
BNB Chain responded with the statement that “decentralization is journey” and while it’s currently less decentralized than the Ethereum blockchain, it is “more decentralized than many others.”
The update went on to detail the components of the blockchain and the role Binance plays in the ecosystem. According to the post, anyone can become a network validator if enough BNB is put forward and that:
“Nobody can control the decisions taken here, least of all Binance.”
However, the debate rages on between Twitter users, with some commending the team for a swift response and others posting centralization-themed memes about the network.
Zhao also hopped into the debate, posting his thoughts on centralization vs decentralization, echoing sentiments from a similar piece he wrote three years ago:
My views on Centralization Vs. Decentralization (2022) | Binance Blog https://t.co/DkvYU43n3c
— CZ Binance (@cz_binance) October 9, 2022
Within less than a week of the BNB Chain exploit, the space saw another exploit with $100 million taken from the Solana decentralized finance platform Mango Markets. The Solana network is also often touted for being too centralized.
Regardless of the hack and the centralization debate, the network pushed out its latest testnet upgrade v1.1.16 on Oct. 12.
Go to Source
Author: Savannah Fortis