BNB Chain, Binance's native contracts blockchain, suspended operations today after discovering an exploit that saw many new BNB assets minted. The company estimated the impact was between U.S.$70-110 million in BNB—which it is working to identify and contain before the hacker gains control of funds.
In a few years, BNB has become the world's fourth highest-ranked digital asset with a market cap of U.S.$46.68 billion. The price of BNB dropped from $293 to $282 after the news broke, though it had slightly recovered.
Changpeng, "CZ" ZhaoBinance founder and CEO, said the exploit occurred on the BSC Token Hub cross-chain bridge. He also issued the now-customary safe funds assurance to users while promising that the issue would be fixed and asking users to be patient. He apologizes for the inconvenience and will provide further updates accordingly.
This may suggest the hacker made use of the burn process to gain new BNB. Binance is still investigating what happened.
However, the total amount stolen or affected may be much higher than Binance's estimate. An investigator claimed the attacker was able to send two transactions of 1 million BNB (worth over U.S.$500 million) after detecting a critical bug in the software.
BNB Chain uses a proof of staked authority mechanism to validate transactions using a network of approved validators. Binance was able to send a quick message to validators when today's exploit was discovered, who responded by suspending their activities.
Binance Coin (BNB) was launched initially in 2017 as an Ethereum-based token before moving to an independent blockchain called Binance Smart Chain (BSC) in 2020. After merging with an older version of Binance Chain, it was rebranded to BNB Chain.
Dr. Craig S. WrightBitcoin creator, has criticized BNB Chain as "not decentralized in any manner" and "distributed not decentralized," with Binance as its owner and controller. Since BNB Chain's approved validators are also stakers who vote with large amounts of BNB assetsrather than with physical hardware, BNB Chain is more like a shareholder database. Bitcoin's fundamental protocol rules are also governed by the Swiss not-for-profit foundation, the Bitcoin Association for BSV, which means no one can change those rules.
The original Bitcoin alert key system sent a priority message to transaction processors (miners) if a problem arose. Historically there were few times the key was used to warn processors/miners of software bugs and request a patch.
Bitcoin's miners are not approved officially by any company, unlike BNB Chain's validators. And Bitcoin uses proof-of-work to validate transaction blocks. Presumably, Binance could revoke authorized validator status for any operator who didn't respond.