Centralized exchange Binance has executed a hard fork to release a critical security patch to its blockchain, the Binance Smart Chain, following a $100 million hack.
Binance undertakes a hard fork to protect its blockchain and platform
To apply this hotfix in order to strengthen the security of its crypto trading platform, Binance was forced to perform a hard fork to update the previous version. Indeed, in order to update the decentralized protocols, it is necessary to perform hard forks, which are in fact updates that are not backward compatible.
So when an update that is not backwards compatible is applied to a protocol, a split is created. Therefore, the new protocol differs from the previous one because it is not backward compatible.
In doing so, two separate protocols are effectively created. However, when users and operators switch from the old version to the new update, only one protocol remains active.
So in this specific case, there was no real chain split, as the old protocol is being dropped and completely replaced by the new one, so there is only one chain of ENBs left. .
On the other hand, for example, when the hard fork that caused the Ethereum merger took place, some miners decided not to upgrade and continued to use the old version based on the Proof method. -of-Work.
The BNB Chain hard fork introducing an urgent patch called Moran occurred at block 22,107,423.
The changes brought by this update include not only the fixing of the vulnerability in the IAVL hash verification, but also the introduction of the block header for sequence verification in smart contracts cross-chain as well as the genesis relay candidate whitelist.
Cross-chain bridge vulnerabilities
Cross-chain bridges allow users to transfer resources between two different blockchains. In particular, the one that was attacked a few days ago is a bridge that allows exchanges between Beacon Chain and Smart Chain from the same BNB chain.
Indeed, the Beacon Chain BNB manages the governance and staking of the network, while the Smart Chain is used for smart contracts compatible with the Ethereum virtual machine.
So while the attack did not happen directly on the BNB chain, but only on the bridge’s smart contract, the bridge was too important a bridge to simply stop using.
Therefore, an intervention by the BNB chain team was necessary to fix this vulnerability.
Before this update, the attacker had time to exploit a vulnerability related to the IAVL hash verification integrated into the bridge, which required the application of the corresponding patch.
And for good reason, the hacker managed to mint 2 million BNB tokens out of thin air for a value of around $560 million.
Then he managed to transfer tokens with a total value of around $100 million to other blockchains like Ethereum, Fantom, Polygon (MATIC), Avalanche and Arbitrum. The majority of the BNB tokens created, however, remained on BNB Chain and were subsequently frozen.
During the attack, the BNB Chain team asked all 44 validators to temporarily halt their operations, only to be reactivated later after the attacked bridge was closed.
Read also : ARK provides advice to the Federal Reserve