Is the Cosmos Ecosystem at Risk? — Learning from the Binance Bridge Hack

By akohad Oct13,2022


A $500 million hack recently exposed a highly technical vulnerability in the Binance bridge.

The Binance bridge is built using Cosmos software. Is that ecosystem now at risk? The short answer is No — but let’s explore.


The hack has been detailed thoroughly in a few places now.

See this thread and this thread for technical details.

Here is my write-up on the matter with some somewhat relevant details.

tl;dr ~$2 million BNB( ~$500 million) was stolen from the Binance Bridge by a technically savvy hacker.

They were able to trick the Merkle tree proving system with fraudulent account values.

The result was the hacker was able to get away with ~$100 million (for now at least).


The Binance Bridge connects the two chains developed by Binance. Those chains are now known as the BNB Beacon Chain and BNB Smart Chain. It was built using Cosmos software.


Cosmos is a large ecosystem in and of itself. It is a native blockchain and DApp ecosystem, a collection of software infrastructure and tools which help developers build blockchain networks.

The Cosmos ecosystem also comes with a cryptocurrency — $ATOM. For now, at least, using Cosmos software to build blockchains does not inherently require the use of or benefit $ATOM.

The Hack

Cosmos has been around for a while and has been used many times by large and successful projects.

Provided infrastructure should be considered one of the most secure, robust, and thoroughly tested in the space.

The problem in this situation was that the development team at Binance used an older version of the Merkle tree proofing system to build the bridge a few years back.

The Cosmos team released a spec of standards and implementation details for Merkle trees and proofing systems. They called this ICS23. The repo has been live for almost a year.

The standards built into ICS23 would not have allowed this hack to occur if the Binance Bridge had been re-developed with it.

The Cosmos team uses these standards themselves for their development.


By all accounts, the Cosmos ecosystem and provided open-source software are about as safe as one would expect in this space.

Combining the forefront of cryptography, networking, game theory, and social dynamics, all publicly through open-source software, is not easy.

There are many brilliant and capable minds working in this industry. Sometimes that capability is used on the opposite side of collective productivity.

With rewards growing through platforms like Immunefi the hope is the incentives for working alongside the collective will attract more of that genius to help the ecosystem rather than take from it.


Ultimately, it’s easy to point the finger after the fact. These situations are not opportunities to cast blame.

Binance could have done more to prevent this attack. At the same time, the growth of Binance and all its doing as a brand to expand the ecosystem in many ways across the globe has placed it in a position to compensate victims in these situations.

The ecosystem has grown quickly. Gaps like this will hopefully continue to be remedied over time.

We can help through awareness and education.


As usual, never a dull day in Crypto/Web3.

If you found this article helpful be sure to follow me on Medium for more content from across the space.

P.S. We’re working on the website for Crypto Climax to bring it to life as an online publication. Stay tuned!


I produce market and developer-related content from across our ecosystem.

This article is an example of a feature article from my free weekly newsletter. There you’ll also find exclusive content, so be sure to signup!

Your email won’t be used for anything else (I don’t even look at them).


Also be sure to follow me on Twitter for threads and other important content from across the space.

Until next time, from your premier Crypto/Web3 publication.

Max — The Crypto Climax

New to trading? Try crypto trading bots or copy trading


Source link

By akohad

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *