Following the October 6 event, various hypotheses about BNB Chain's decentralization have circulated.
First and foremost, this problem was limited to BNB Smart Chain (BSC), and further limited to the native BNB Chain bridge, BSC Token hub, which is part of the “bridge” between BNB Beacon Chain and BNB Smart Chain. The attacker had forged a proof within the bridge, exploiting a bug that verifies legitimate proofs. This, again, was ONLY limited to the bridge.
The blockchain (BNB Chain) was not compromised and no users were affected.
Decentralization is a Journey
The BNB Chain is a community-driven and decentralized network. Decentralization comparisons have become commonplace in our industry, a way to pit chains against one another and discern who leads the pack. While these comparisons are often dished out with their own agendas, we want to point to specific factual data that outlines our own progress in this regard.
BNB Chain is less decentralized than Ethereum now, but more decentralized than many others. It will become more and more decentralized as our tech team continues to make progress. BSC (BNB Smart Chain) is already on its way to 41 active validators and a total of 80 to 100. Check it out here.
BNB Chain core developers do not see decentralization as black and white. There is an understanding that decentralization is a journey we are on since the very beginning, and we continue to become more and more decentralized as we progress.
BNB Chain’s Components
BNB Chain is made up of both BNB Smart Chain (BSC) and BNB Beacon Chain (BBC):
BNB Smart Chain is also called BSC for short. It was launched with 21 validators and now has 44. 26 of them are active. BSC is on the way to 41 active validators, and about 80-100 in total. Check out BEP-131 in closer detail.
In addition to the 26 active validators, the BNB Smart Chain added extra inactive validators (dubbed "Candidates") to the validator set during the quarter. This Euler hard fork was put in place to increase network dependability and redundancy.
BNB Beacon Chain is for governance purposes and its objective and vision is to provide further security. It was launched with 11 validators and is on the way to 100. Check out BEP-159 in closer detail.
BNB Beacon Chain and BNB Smart Chain validators are based on different types of consensus. One is Tendermint-like, and the other is PoSA. Although the validator elections of both chains happen on Beacon, they are based on serious decentralized staking logic similar to many others.
The Role of Binance
With enough BNB anyone can put themselves forward as a BNB Chain validator on both BNB Chains. In fact, some of the early BSC validators were just individual developers. Some have stayed and continue until now and others have left. Nobody can control the decisions taken here, least of all Binance.
While Binance introduced the idea and some code for BNB Chain, it now remains solely as a sponsor. It also provides one BNB utility: fee discount. Binance is part of the BNB ecosystem, not the other way around.
The Nakamoto coefficient of BNB Chain, which ascertains the number of nodes that must be compromised to affect the blockchain and obstruct it from functioning correctly, is 8 and has been constant throughout the last year. This means BNB Chain is less decentralized than Ethereum, but more so than many other chain.
Messari's 2022 report on BNB Chain does a fantastic job of establishing this backdrop and would be a good starting point for understanding the subtleties of BNB Chain decentralization.
Regarding the Exploit
The exploit earlier referred to, that took place on the cross-chain bridge, BSC Token Hub, resulted in extra mining of BNB. The loss is on BNB Chain, users were not affected.
A total of 2 million BNB (nearly $ 570 million) were effectively minted and taken by the hacker. Through off-chain coordination, global BSC (BNB Smart Chain) validators volunteered to upgrade so that the majority of the fund remained in the exploiter's address, while partners helped secure funds on other chains as well. These funds could not be moved.
Nearly $ 570 million were minted and taken by the hacker. $100 million remain unrecovered and moved off chain by the hacker. No users or users funds were affected.
This Twitter thread from one of the BNB Chain's core developers is an excellent example of how misinformation is conveyed and how the community is effectively combating it.
The decisive and swift action taken by validators to combat this issue drew two kinds of responses from the broader Web3 community. We saw a positive response from users who appreciated the effectiveness of the actions taken by validators. We also saw critics immediately use the swift response as a reason to question BNB Chain’s decentralization.
The fact of the matter is that ‘coordinated response’ and decentralization don’t tend to go hand in hand. But in a matter of urgency BNB Chain and our validator set have always understood that a swift and effective response serves to benefit all- especially our users. Despite this, a coordinated response still took around 5 hours to execute, resulting in over $100 million remaining unrecovered. While this is not an inconsiderable sum, the figure has been limited due to the incredible response of our community.
What Happened After the Incident
The BNB Chain was never rolled back. It was a synchronized pause and resume among the validators — CoinbaseCloud, Figment, and 24 others. This is the first pause in the existence of the BSC (BNB Smart Chain).
No one has ever said blockchain technology is bug proof, but it is indeed reassuring to know that we have such strength in a community that is always willing to act in the interest of others.
BNB Chain continues to work on the journey of decentralization and the network's stability. The network's performance and stable staking are proof of the community's amazing accomplishments thus far. And while we are proud of the current validator set, we are doing all we can to ensure this is expanded and made even more effective.
Since the incident took place BNB Smart Chain testnet has already been upgraded with enough validators meaning it is now on v1.1.16. All cross-chain transfers that were previously paused will be repaid after the upgrade takes effect on October 12th.
The past week was a trying one in which many lessons were learned, but one of the more positive lessons learned relates to the readiness and robustness of an ecosystem that is always on hand to act in the best interest of the entire community.