CZ stopped BSC, why it matters

By Protos • Issue #1 • View online

Welcome to The Context, I’m Bennett Tomlin and in this weekly newsletter I’ll walk you through what I think are the most important things happening in crypto. Be warned, my opinions are often wrong and my takes are ice cold.
This week, we’re taking a look at the recent halt of the BNB chain and how similar it is to 2017’s DAO hard fork.
What happened recently on BNB?
On Thursday, October 6th, the BSC Token Hub was hacked for approximately $586 million.
Explained: How $600M was stolen from Binance's BNB chain
The BSC Token Hub is the bridge that allows the BNB token to be moved onto and off of the BSC chain.
Five hours ago, an attacker stole 2 million BNB (~$566M USD) from the Binance Bridge. During that time, I've been working closely with multiple parties to triage and resolve this issue. Here's how it all went down.
The attacker took advantage of a flaw in the way proofs were verified to withdraw the funds from the smart contract. After that, they quickly started bridging and swapping the funds across a variety of other chains to make them harder to freeze.
The hacker was able to move approximately $100 million off the BSC chain and onto other chains before the validators were contacted and told to stop the chain. [BNB Chain Ecosystem Update]
Several days after the chain was stopped, a release note on GitHub announced that Binance Smart Chain intends to hard-fork to re-enable the bridge and the chain. [Release v1.1.16 · bnb-chain/bsc · GitHub]
What happened with The DAO?
The DAO was effectively a collective venture capital fund, partially managed onchain, that ended up accumulating about 15% of all ether in circulation in 2017.
There was a flaw in the smart contracts which allowed about a third of the funds, totaling over 3 million ether, to be moved into a ‘child DAO’ under the control of the attacker.
This attack, almost certainly carried out by Toby Hoenisch, the co-founder of TenX [Exclusive: Austrian Programmer And Ex Crypto CEO Likely Stole $11 Billion Of Ether], placed Ethereum in a difficult position. Since it intended to switch to Proof-of-Stake eventually, it wanted to ensure that Toby didn’t end up controlling a disproportionate part of the stake. (To be clear, Ethereum didn’t know it was Toby at that point; we only found out when Laura Shin exposed it earlier this year.)
In response to the hack, white hat hackers started using the same exploit to drain the rest of the DAO, to prevent Toby from doing it.
Eventually, several days after the hack, there was a hard fork of the chain, which resulted in the primary Ethereum chain introducing a special ‘withdraw’ contract for DAO users. Ethereum Classic chose not to introduce this change and did not return the funds.
How are these cases similar?
Both illustrate the limits and realities of decentralization. In both cases a hard fork was agreed upon, and the chain performed state transitions that would generally not be accepted. Both were in response to large amounts of funds being stolen, effectively from ‘users’ who had deposited them into smart contracts.
It is not common for Ethereum to hard-fork due to a smart contract hack. It is not common for Binance Smart Chain to stop and hard-fork due to a smart contract hack.
How are these cases different?
One striking difference is that Ethereum did not stop. This may seem relatively minor at first, but it is a meaningful difference: preserving user funds required white hat hackers to work to contain the damage, and nothing prevented users from sending transactions during that period.
I think it’s helpful to remember that even Bitcoin rolled back the chain after an inflationary bug.
What’s it mean?
Fundamentally, the base layer of any blockchain is social consensus. It’s an agreement on what the intent of this endeavor is and what compromises are compatible with that.
For Bitcoin, keeping the supply and distribution of bitcoin from becoming skewed by that value-overflow bug was more important to the Bitcoin community than continuing to build on that block.
For Ethereum, keeping that portion of the supply out of the hands of Toby was important enough to justify the hard fork. There have been other times where there were social pressure campaigns to get Ethereum to hard-fork and it did not. One example is the Parity Wallet hack, where a large quantity of ether became inaccessible. In that case they chose against a hard fork.
It can be difficult to say exactly what drives these decisions, and there are often accusations that they are in large part driven by connections to insiders.
Every single time they happen, they draw attention to the individuals who are exerting influence to achieve these ends.
Which is why it felt weird to me that CZ was reaching out to the validators. Choosing to stop the chain did prevent the hacker from bridging more funds, but it also illustrated the limits of censorship-resistance on the chain. Though CZ’s perspective on decentralization has always been one that emphasizes the utility and convenience to users of centralization. [CZ on Centralization Vs. Decentralization (2022) | Binance Blog]
CZ illustrating that it is possible for him to convince validators to stop and coordinate a hard fork may eventually end up being an interesting detail to regulators, if they take a look at the protocols using the chain and think that some of them look illegal. They may think that some of them look like Ponzi schemes, or that they’re offering unregistered margin trading, or that they’re trading unregistered securities, and request that CZ help them put a stop to this activity.
Explained: CFTC proves DAOs are not ‘enforcement-proof’
Because fundamentally CZ is right that decentralization is not the goal, but a means to the goal. The goal is meant to be censorship-resistance: creating systems that allow those who otherwise would not be able to transact to do so.
But when your bread is buttered by enabling irresponsible behavior, when wanton speculation on bullshit pays your fees, and when having Ponzis on your network drives demand for your token, perhaps you would find censorship-resistance to no longer be quite as important. You might also think that you can continue to play regulatory arbitrage and avoid having to deal with regulators.
Or perhaps they thought quite simply that they were acting on behalf of their community, and that the community would certainly not want to lose more of their bridged assets. They know that their name is already on the chain, that when they announced it they said the validators would be “trusted members of the Binance community,” and so perhaps knew that they had to act or draw even more ire. When you rub your brand all over a thing, it becomes much harder for that thing to be decentralized.
In other news:
Arbitrum team buys Prysm client, promises to remain “neutral”
Did I mention that it can be bad when one group starts getting more and more influence over a chain?
Here’s how three DeFi protocols lost $115M in one day
We see other challenges to cryptocurrency governance as protocols get hacked, and in one case the hacker starts bargaining through governance proposals.
Bug freezes bitcoin inside Lightning Network for hours
Lightning Network had a bug that left users unable to open or close lightning channels. Researchers created a multi-signature transaction that the lightning client was unable to parse, leaving it stuck on that block. This bug only affected LND.
Coinbase: A Boring Story
$2 million was not enough money to make Brian Armstrong seem interesting.