A few days ago, a bridge based on BNB Chain was hacked, allowing attackers to steal about $100 million in crypto.
Although the hack did not target BNB Chain directly, but rather a smart contract running on this blockchain, the BNB Chain team still decided to raise security levels.
Therefore, they created an urgent patch to “mitigate the cross-chain infrastructure between Beacon Chain and Smart Chain,” so that cross-chain functionality could be reactivated.
BNB Chain performs a hard fork
To apply that patch they were forced to release a new version, 1.1.16, which is effectively a hard fork of the previous one.
Updating a decentralized protocol often requires a hard fork, that is, an update that is not backward compatible.
When an update that is not backward compatible is applied to a protocol, a divide is created: the new protocol becomes something different from the previous one. This effectively creates two different protocols, but if users and operators stop using the previous one and replace it with the new updated version, only one active protocol remains.
So in this specific case there was no real splitting of the chain, because the old protocol was abandoned and completely replaced by the new one, so there continues to be only one BNB Chain.
By contrast, when the hard fork that initiated the Ethereum Merge took place, some miners decided not to upgrade and continued to use the old Proof-of-Work-based version. As a result, the chain split and two cryptocurrencies were born: ETHW (Ethereum PoW), which is nothing more than a continuation of the old un-updated PoW-based protocol, and ETH (actual Ethereum), which is the new updated PoS-based version.
The hard fork of BNB Chain introducing the urgent patch was called Moran, and it occurred at block 22,107,423.
The changes made by this update include not only fixing the vulnerability in iavl hash checking, but also introducing block header in-sequence checking in the cross-chain smart contracts and whitelisting the genesis candidate relayer.
The vulnerabilities of cross-chain bridges
Cross-chain bridges allow users to transfer resources between two different blockchains. The one attacked a few days ago is a bridge that allows exchanges between the Beacon Chain and the Smart Chain of BNB Chain itself. BNB Beacon Chain handles the governance and staking of the network, while the Smart Chain is used for Ethereum Virtual Machine-compatible smart contracts. In addition, both of these chains can in turn connect to other chains through another bridge called the Token Hub.
Thus, although the attack did not occur directly on BNB Chain, but only on the bridge smart contract, the bridge is too important to simply stop using. Therefore, an intervention by the BNB Chain team was necessary to fix the vulnerability so that the bridge could be reactivated.
In particular, the attacker exploited the vulnerability related to the iavl hash check built into the bridge, and this required applying the corresponding patch.
The attacker had managed to mint 2 million BNB tokens out of thin air, worth about $560 million. He later managed to transfer tokens with a total value of about $100 million to other blockchains such as Ethereum, Fantom, Polygon, Avalanche, and Arbitrum. The majority of the BNB tokens created, however, remained on BNB Chain and were subsequently frozen.
Upon becoming aware of the attack, the BNB Chain team asked all 44 validators to momentarily halt operations, only to reactivate them later after the attacked bridge was closed. Thanks to the patch applied yesterday, the bridge should be reactivated.
It is worth noting that this type of operation, namely suspending the activity of the entire blockchain, is virtually impossible on truly decentralized protocols, because it is extremely difficult for all nodes to actually stop operating. For example, Bitcoin has more than 15,000 nodes, largely unknown, so it would be effectively impossible to convince them all to shut down, even if only for a certain period of time.
BNB Chain, on the other hand, is a protocol originally created by Binance, with only 44 validator nodes, all of which are known. The fact that it was possible to contact them all and convince them very quickly to stop operations reveals rather clearly that it is not a truly decentralized protocol.