How Global Blockchain Teams Stopped Over $470 Million BNB Being Hacked

On the 6th of October, BNB Chain ground to a sudden halt after experiencing a massive exploit. By attacking one of the main bridges within the blockchain system, hackers were able to exploit faulty code to mint tokens at a rapid rate.

In the span of only a few hours, they’d created nearly $600 million in value, which they were starting to rapidly liquidate off the platform. Yet, due to the fast reaction of validator teams, the chain was able to prevent the vast bulk of capital from leaving the ecosystem.

In this article, we’ll turn toward these BNB Chain validators, demonstrating exactly how their fast action and international response managed to save the platform, its customers, and investors, millions of USD. 

Let’s get right into it.

What Happened?

The BNB Chain, which is a blockchain that aligns with one of the world’s leading crypto exchange platforms, Binance, experienced an exploit. Hackers were targeting the BSC Token Hub, a central bridge within the infrastructure of the chain.

By finding an exploit in the bridge, hackers were minting additional BNB tokens at an alarming rate. These hackers were effectively able to create new cryptocurrency directly for themselves, quickly siphoning off the capital they’d created into their own accounts and liquidating it.

Within 90 minutes, the hackers had created nearly 2,000,000 new BNB coins. Before the hack was noticed, this figure was worth around USD 570 million. The team of hackers began to liquidate this huge figure, taking it off the chain as quickly as possible.

Luckily, validators noticed the strange activity and rapid mining of new BNB and sprung into action. By alerting the right people and freezing the chain, they stopped the hackers from withdrawing the total sum.

Instead of the full $570 million, those that capitalized on the exploit were only able to steal around $100 million worth of BNB. While this was still a major impact, which has caused the BNB token to trend down in value since the attack, this was only a small percentage of the full harm that could have been done. 

Do We Know Who Capitalized on the Exploit?

As of the 24th of October, Binance has released information to the public claiming that they’re getting close to narrowing down who did the hack. With help from law enforcement, they have a better idea of who could have committed the exploit.

That said, they’re still not certain, with the $100 million that was stolen seemingly having vanished completely. While the BNB chain is working on fortifying its bridges, Binance has devoted itself to finding the perpetrators of the crime.

How Validators Saved the Day

It’s undeniable that the quick reaction from BNB chain validators was the salvation in this scenario. If they hadn’t noticed the strange events from the bridge so quickly, then the hackers would have had significantly more time to liquidate even more funds. 

Considering they managed to move $100 million from the system in only 90 minutes, the difference between finding out 30 minutes later could have been disastrous for the ecosystem. The BNB Chain has 26 unique validators, spanning across the whole globe. Due to their vigilance, the system was able to respond quickly and neutralize the threat as rapidly as possible.

Yet, the support that validators supplied didn’t just stop there. After the event, the BNB outage was haemorrhaging money for the entire system. All validators had stopped services when the blockchain stopped, meaning they needed time to get back up and running once the blockchain was ready to recommence.

Without validators, DeFi applications cannot run properly, making the vast majority of tertiary blockchain applications on the system fail to function. This creates a snowball effect, causing even more problems down the line.

One of BNB Chain’s validators, Ankr, provided the solution where. Ankr’s RPC services were extremely quick to respond after the BNB outage. Unlike other validators, which hesitated in bringing their services back online, Ankr’s RPC services immediately resumed the moment that BNB Chain relaunched. 

During the outage, Ankr’s RPC server remained directly pegged to the blockchain, ensuring that all data was by the moment the ecosystem came back online. Ankr was able to do this, in part, due to the international team they employ. Instead of being focused in one particular region, Ankr spreads their DevOps teams around the globe.

With this approach, they’re able to cover a 24-hour window, with time zones allowing a team of engineers to constantly be active, online, and ready for response. Their international placement of teams reflects the central ideals of blockchain – with the spread of decentralized teams reflecting the placement of international nodes.

Instead of banking on one particular country or focusing efforts in one region, Ankr’s international approach to DevOps allowed them to alert the system, come back online instantly, and allow BNB Chain’s DApps to continue functioning.

Ankr was one of the fastest responders to the incident, developing, testing, and releasing security updates in less than 30 minutes. Their response demonstrates the commitment that validators have to their ecosystems, with Ankr exemplifying a near-perfect crisis response. 

Final Thoughts

As decentralized systems, blockchain networks rely on the validators they have available to them. As these systems continue to grow in popularity, as well as accumulating more total funds, they will become even more of a target for exploitation. While decentralization is a strength of the system, it also leads to a range of potential security issues when information is not shared.

By working with validators, blockchain networks can bring further levels of security, monitoring, and due diligence to their systems. Ankr is a fantastic example of how enriching it can be to work with validators.

From speeding up the daily transaction speeds of ecosystems to providing a level of support, these are vital for blockchain’s success. If this event has taught us anything, it’s that blockchain systems must create international teams to help them respond to incidents. A critical event can occur at any time – we must be ready when they come.