Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to a hack of a blockchain serving as a bridge for asset transfers between networks has happened before within the same organization, Binance. The incident at Binance Smart Chain highlighted weaknesses in decentralized finance (DeFi) and vulnerabilities in cross-chain bridges. Binance's CEO acknowledged that software code is never bug-free and emphasized the need for the industry to learn from such incidents [133956].
(b) The software failure incident related to attacks on cross-chain bridges has also occurred at other organizations. Chainalysis estimated that $2 billion worth of cryptocurrency had been stolen in 13 cross-chain bridge attacks, mostly in 2022. Incidents included an attack on a bridge behind the crypto-powered video game Axie Infinity and another on the Wormhole network. These exploits demonstrate the risks associated with relying on code for control in DeFi platforms [133956]. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be attributed to weaknesses in decentralized finance (DeFi) systems, particularly in cross-chain bridges. The incident at Binance Smart Chain highlighted vulnerabilities in the system where transactions are controlled by code, emphasizing that "software code is never bug free" [133956]. The attack on the blockchain serving as a bridge for asset transfers between networks showcased the risks associated with relying on code for control in DeFi platforms, leading to significant financial losses due to the exploitation of design flaws.
(b) The software failure incident related to the operation phase involved the misuse of the system by hackers who exploited vulnerabilities in cross-chain bridges. The attack on the Binance Smart Chain network resulted in the theft of $570 million worth of cryptocurrency, highlighting the risks associated with the operation of decentralized systems controlled by code. Despite the decentralized nature of the system, community validators had to be contacted individually to stop the incident from spreading, showcasing the challenges in quickly resolving issues during emergency situations [133956]. |
Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident, which involved the theft of $570 million in a hack of the Binance Smart Chain network, was primarily attributed to vulnerabilities within the system itself. Binance's CEO mentioned that "Software code is never bug free" [133956]. The incident highlighted weaknesses in decentralized finance (DeFi) where transactions are controlled by code, indicating that the vulnerabilities were inherent to the system's design and implementation. Additionally, the postmortem analysis and the need for more advanced security measures to address these vulnerabilities further emphasize that the failure originated from within the system [133956].
(b) outside_system: While the software failure incident was primarily caused by vulnerabilities within the Binance Smart Chain network, external factors such as the hackers exploiting these weaknesses also played a significant role. The attack on the cross-chain bridge of the blockchain network was executed by external malicious actors, indicating that the breach originated from outside the system [133956]. The fact that the incident required intervention from the community validators to prevent further spread of the attack suggests that external threats posed a significant risk to the system's security [133956]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in this case occurred due to non-human actions, specifically a hack on the Binance Smart Chain network. The hack resulted in the theft of $570 million in cryptocurrency, highlighting vulnerabilities in decentralized finance systems where transactions are controlled by code [133956].
(b) Human actions were also involved in the response to the software failure incident. Binance's chief executive, Changpeng Zhao, emphasized the need for the industry to learn from such incidents and implement more advanced security measures to address vulnerabilities in cross-chain bridges [133956]. Additionally, the Binance Smart Chain community, consisting of validators who hold tokens and can vote on code changes, took actions such as contacting validators to stop the incident from spreading and considering options like freezing the stolen funds and offering a bounty for catching the hackers [133956]. |
Dimension (Hardware/Software) |
software |
(a) The software failure incident reported in the articles is not attributed to hardware issues. Instead, it is primarily related to vulnerabilities in software code used in decentralized finance platforms, particularly in cross-chain bridges. The incident involved a hack on the Binance Smart Chain network, highlighting weaknesses in DeFi transactions controlled by code [133956].
(b) The software failure incident is directly linked to software vulnerabilities. Binance confirmed that $570 million was stolen in a hack of its blockchain, emphasizing that software code is never bug-free. The attack targeted vulnerabilities in cross-chain bridges, showcasing the risks associated with relying on code for control in DeFi platforms [133956]. |
Objective (Malicious/Non-malicious) |
malicious, non-malicious |
(a) The software failure incident in this case was malicious, as it involved a hack on the Binance Smart Chain network resulting in the theft of $570 million in cryptocurrency [133956]. The attack was carried out with the intent to steal funds from the blockchain, highlighting vulnerabilities in decentralized finance systems like cross-chain bridges.
(b) Additionally, the incident also sheds light on non-malicious factors contributing to the failure, such as weaknesses in software code and vulnerabilities in cross-chain bridges that were exploited by hackers. The incident underscores the importance of implementing advanced security measures and learning from such attacks to improve the resilience of decentralized systems [133956]. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident was poor_decisions. The incident involving the hack of the Binance Smart Chain network, resulting in the theft of $570 million, highlighted weaknesses in decentralized finance (DeFi) where transactions are controlled by code. Binance's chief executive, Changpeng Zhao, acknowledged that software code is never bug-free and emphasized the vulnerabilities in cross-chain bridges. The incident also revealed that a reliance on code for control of DeFi platforms can leave systems exposed, and in emergency situations, decentralization can hinder quick issue resolution [133956]. |
Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident reported in the articles can be attributed to development incompetence. Binance's chief executive, Changpeng Zhao, acknowledged that "software code is never bug free" [133956]. The incident involving the hack of the Binance Smart Chain network, which resulted in the theft of $570 million, highlighted weaknesses in decentralized finance (DeFi) systems where transactions are controlled by code. The vulnerabilities in cross-chain bridges were exploited in multiple attacks, indicating a lack of robust security measures in place despite the significant value at risk [133956].
(b) The software failure incident was not described as accidental in the articles. Instead, it was emphasized that the vulnerabilities and weaknesses in the system were known issues that needed to be addressed through more advanced security measures and learning from past attacks [133956]. |
Duration |
temporary |
(a) The software failure incident in the article is best described as temporary. The incident involved a hack on the Binance Smart Chain network, resulting in the theft of $570 million in cryptocurrency. The incident was described as an attack on the blockchain that serves as a bridge for asset transfers between networks. Binance's CEO mentioned that vulnerabilities in cross-chain bridges were exploited, highlighting weaknesses in decentralized finance (DeFi) systems controlled by code. The incident led to discussions within the community about implementing more advanced security measures to address such vulnerabilities in the future [133956]. |
Behaviour |
crash, omission, timing, value, byzantine, other |
(a) crash: The incident involving the hack of the Binance Smart Chain network resulted in a loss of $570 million. The system was compromised, indicating a failure due to the system losing state and not performing its intended functions [133956].
(b) omission: The hack of the Binance Smart Chain network led to the theft of a significant amount of cryptocurrency. This indicates a failure due to the system omitting to perform its intended functions of securely managing and protecting user assets [133956].
(c) timing: The incident highlighted weaknesses in decentralized finance, particularly in cross-chain bridges, where transactions are controlled by code. While the system was able to eventually stop the incident from spreading by contacting community validators, there was a delay in closure, indicating a timing failure in resolving the issue promptly [133956].
(d) value: The hack of the Binance Smart Chain network resulted in the theft of $570 million worth of cryptocurrency. This indicates a failure due to the system performing its intended functions incorrectly by allowing unauthorized access to and transfer of valuable assets [133956].
(e) byzantine: The incident involving the hack of the Binance Smart Chain network showcased vulnerabilities in cross-chain bridges and decentralized finance platforms. The exploitation of these vulnerabilities by hackers demonstrates a failure of the system to provide consistent and secure interactions, leading to inconsistent responses and unauthorized transactions [133956].
(f) other: In addition to the specific behaviors mentioned above, the incident also highlighted the challenges of relying on code for control in decentralized finance platforms. The decentralized nature of these systems can sometimes hinder quick issue resolution, as seen in the delay in closing the incident despite efforts to contact community validators [133956]. |