BNB Chain executes a hard fork to safeguard the network after a $100 million cyberattack
BNB Chain has completed the Moran hard fork update in an effort to rebuild and safeguard infrastructure after a significant attack last week.
The hard fork, a blockchain update that makes a significant change to the network’s core software, was successfully completed at 4 a.m. ET on Wednesday at block height 22,107,423. Its primary purpose was to apply a software patch correcting a significant vulnerability that an unknown attacker exploited on Friday to steal more than $100 million from BNB Chain’s cross-chain bridge.
The development team revealed the update in a GitHub post on Tuesday, stating that a hard fork would be performed to apply a fix and re-enable the network’s “cross-chain functionality.”
This cross-chain bridge enables users to move assets between Beacon Chain and Smart Chain, two distinct blockchains inside the BNB Chain network. The BNB Beacon Chain manages the network’s governance and staking, while the Smart Chain provides an Ethereum Virtual Machine-compatible platform for deploying smart contracts and applications. Using the Token Hub bridge, each of these networks may link to other third-party chains as well.
During the hack, the perpetrator forged security proofs by exploiting a vulnerability associated with the “iavl hash check,” a built-in security check for the bridge. This allowed the hacker to create 2 million BNB tokens out of thin air, which were valued at around $560 million at the time. The hacker moved more than $100 million to third-party chains, including Ethereum, Fantom, Polygon, Avalanche, and Arbitrum, according to on-chain data. Nearly $430 million worth of compromised assets remained in the hacker’s wallet on the BNB Chain.
In reaction to the vulnerability, the team paused the blockchain and ordered its 44 validators, including its 26 active validators, to cease activities. The team then re-enabled the network, but the bridge remained disabled until the security flaw could be patched. The pause was also an attempt to stop the attacker and recover any stolen funds that the attacker had not yet transferred to other chains.