BNB Smart Chain, the smart contract-enabled blockchain of Binance, the world's largest crypto exchange, has announced that it has executed a hard fork to issue a critical security patch.
The hard fork was intended to fix the security vulnerability after a major exploit drained the platform of $100 million.
The Moran Hard Fork
The hard fork, dubbed Moran, will attempt to recover and secure the chain's infrastructure after a major exploit, which took place last week. A hard fork is a significant change to the underlying software. The Moran hard fork was successfully implemented at 4 AM ET on Wednesday at block height 22,107,423. The hard fork was initiated to patch a major vulnerability that was exploited by an attacker just last week.
The attacker stole over $100 million from BNB Smart Chain's cross-chain bridge on Friday. The team announced plans for the hard fork on Tuesday through a post on GitHub, explaining the reason behind the hard fork and how the patch would allow developers to re-enable BNB Smart Chain's cross-chain infrastructure.
This release is a temporary urgent patch to mitigate the cross-chain infrastructure between Beacon Chain and Smart Chain so that the cross-chain can be re-enabled back. It is a hard fork release for both testnet and mainnet.
Mainnet: The hard fork upgrade named Moran is expected to happen at block height 22,107,423. The current block generation speed forecasts this to occur around 12 Oct. 2022 at 8:00 AM (UTC).
Testnet: The hard fork upgrade expected to happen at block height 23,603,940. The current block generation speed forecasts this to occur around 11 Oct. 2022 at 8:00 AM (UTC).
The Cross Chain Bridge
BNB Smart Chain's cross-chain bridge allows users to seamlessly transfer assets between the two blockchains that fall under the BNB Chain network. These are the Beacon Chain and the Smart Chain. The BNB Beacon Chain facilitates governance and staking on the network, while the Smart Chain is utilized as an Ethereum Virtual Machine (EVM)-compatible smart contract platform which can deploy apps.
Both chains can connect to external chains utilizing the Token hub bridge.
The BNB Chain Hack
The Exploit saw the hacker forge security proofs and use a vulnerability associated with the "iavl hash check." The iavl hash check is a security check which is baked into the bridge. This allowed the hacker to mint 2 million BNB tokens, worth $560 million at the time of minting. The available on-chain data showed that the hacker could transfer $100 million to third-party chains such as Ethereum, Polygon, Fantom, Avalanche, and Arbitrum. However, a majority of the assets remained in the hacker's wallet on the BNB chain.
The Aftermath
The BNB Chain team quickly responded, stopping the blockchain and ordering all validators to halt operations entirely. The team restarted the network, but the bridge remained shut until developers patched the vulnerability. Completely stopping the blockchain allowed developers to stop the attacker in their tracks and attempt to salvage any funds which were not moved to the other chains.
Restarting The Bridge
The hard fork will help developers restart the bridge's operations and secure the network's infrastructure. With the hard fork now complete, the team will initiate the next phase, which will see the community vote on freezing the funds held in the hacker's wallet on the BNB chain and burning them.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.