When it rains, it pours. Just when things were starting to look up for the crypto industry comes news that Binance, the world’s biggest exchange, suffered a major hack on Thursday night. The details are still trickling out, but the short version is that a hacker was able to exploit a so-called bridge and help themselves to 2 million of Binance’s native BNB tokens. Those are worth around $560 million, though Binance is suggesting it may be able to claw much of it back.
The implications of this debacle are twofold. First off, the Binance hack is yet another reminder that bridges, which have been the target of numerous massive attacks, are a glaring hole in the crypto ecosystem. Bridges serve as an automated way to exchange tokens that have incompatible technical standards, but, as Ethereum creator Vitalik Buterin warned earlier this year, they may be fundamentally insecure. In the case of the Binance attack, the hacker basically tricked the bridge into becoming a no-limit ATM. The upshot is that the industry needs to find an alternative to bridges sooner rather than later, before investors lose confidence entirely.
The other lesson of the hack is that Binance’s blockchain, known as the BNB Smart Chain, is far from decentralized. The company has carried on as if the blockchain, which it launched in 2017 with an initial coin offering, is akin to Bitcoin—a loosely federated collection of global nodes that no one can control. But lo and behold, when the hacker struck, Binance announced it would “turn off” the chain to help control the damage. Can you imagine someone announcing they were shutting down the Bitcoin blockchain for a few hours?
Binance tried to paper over the awkward situation in a series of tweets that suggested the intervention had come about as a result of rapid cooperation between independent node operators, but an earlier tweet by the company made this seem like a fiction (one observer called this “a giant comms fuckup”).
This mix of sloppy security and centralization is a bad look for both Binance and the crypto industry as a whole. If you want a silver lining, it’s that this isn’t the first time a major blockchain has used centralized authority to repair a hack—Ethereum very famously forked its blockchain in 2016 to recover investors’ funds. And such steps don’t mean decentralization is a lie. Instead, as Ryan Selkis noted in a sharp observation last night, “Every new idea is centralized to start by definition. So yes they need protection. Early BTC and ETH were no different.”
The Binance hack has taught the industry another hard lesson about bridges and decentralization. Let’s hope people can learn from it.
Jeff John Roberts
jeff.roberts@fortune.com
@jeffjohnroberts
DECENTRALIZED NEWS
South Korea has ordered Terra’s fugitive founder, Do Kwon, whose whereabouts are unknown, to surrender his passport in 14 days.
Two law professors say the “SEC should leave Kim Kardashian alone” in part because its enforcement rules are vague and overbroad.
Circle burned $9 billion of USDC in the past 90 days as consumers redeemed them for U.S. dollars, a move likely triggered by falling DeFi yields.
FTX’s native token surged 7% amid rumors the exchange giant is partnering with Visa on crypto debit cards.
A small whisky and rum maker is touting the blockchain as a way to protect his brand and let consumers confirm the authenticity of its products.
MEME O’ THE MOMENT
Crypto Twitter quick to weigh in on Binance's decentralization:
This is the web version of Fortune Crypto, a daily newsletter. Sign up here to get it delivered free to your inbox.
