Binance Exec: BNB Smart Chain Hack Could Have Been Worse if Validators Hadn’t ‘Sprung Into Action’

Patrick Hillmann, chief communications officer at crypto exchange Binance, joined “First Mover” to discuss last week’s $100 million exploit and how validators prevented the worst-case scenario.

AccessTimeIconOct 10, 2022 at 4:49 p.m. UTC
Updated May 9, 2023 at 3:58 a.m. UTC
Layer 2
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Validators on crypto platforms are becoming, out of necessity, more and more astute, said Patrick Hillmann, chief communications officer at crypto exchange Binance.

Over the weekend, BNB Chain, a blockchain closely connected with crypto exchange Binance, was the latest victim in a hack that ultimately drained the ecosystem of $100 million in crypto. The exploit, however, could’ve been worse.

“[The] elephant in the room here is as these attacks become more sophisticated … [I]f they were more organized, [the hackers] probably could have gotten more funds off of the ecosystem than they did,” Hillman said during an appearance on CoinDesk TV’s “First Mover” on Monday.

While the hackers were able to get away with roughly $100 million, the potential amount could have been as much as $570 million.

“What we’re seeing here is that as we see more of these attacks on bridges, the communities that rally around these blockchains are getting much better at shutting them down quickly, updating their systems and being able to prevent a worst case scenario from happening,” Hillmann said.

On Thursday, BNB validators noticed some strange activity taking place on BSC Token Hub, one of the platform’s bridges ,and came to the conclusion the bridge was being utilized to mint additional BNB tokens, according to Hillmann. He compared the exploit to a group of thieves breaking into the U.S. Federal Reserve, printing their own money and then walking away with it.

Nearly 90 minutes after the initial exploit, concerns emerged, with Binance CEO Changpeng Zhao estimating the bridge had been exploited for $100 million.

“Luckily that community, the validators, sprung into action really quickly, were able to lock down the chain and actually prevent the lion's share of that new minted BNB from being able to actually leave the ecosystem,” Hillman said.

The attack prompted 26 of BNB Chain’s validators to act, preventing what could’ve been a $570 million hack, or the value of the 2 million BNB tokens that were fraudulently created, from being siphoned out.

Regarding whether centralization on the BNB Smart Chain is an issue of concern, Hillmann said there are benefits that come with a smaller community “overseeing and keeping the doors locked at night.”

“Because those 26 validators are able to work with one another so quickly, they’re able to prevent that worse case scenario from happening,” he said.

Moving forward, BNB Chain’s validators said they would hold a series of on-chain governance votes that would decide whether the hacked funds should be frozen, as well as whether a bug bounty reward system should be put in place to prevent future hacks.

Hillmann said that to ensure the BNB token is growing at a sustainable rate, and because the hackers “didn’t steal someone’s money,” the BNB community is planning to include $2 million worth of BNB tokens in its upcoming burn this year as a way to “bring it back down to parity.”

Furthermore, Hillman said the BNB Chain community is working with law enforcement to track down the hackers, who he suggested could be “either a state-based actor or a threat group that is tied to a state actor.”

“In some ways this was a very sophisticated attack and in some ways it wasn't,” Hillmann said.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Fran Velasquez

Fran is CoinDesk's TV writer and reporter.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.