Binance Bridge

2019-01-01

Binance launches bridge infrastructure connecting Binance Chain and BNB Smart Chain ecosystems.

2020-09-01

BNB Smart Chain (BSC) launches; BSC Token Hub becomes primary cross-chain bridge for the BNB ecosystem.

2022-10-06

At 18:26 UTC, attacker mints first 1 million BNB via forged IAVL Merkle proof from block 110217401 to address 0x489A8756C18C0b8B24EC2a2b9FF3D4d447F79BEc. Transaction hash: 0xebf83628ba893d35b496121fb8201666b8e09f3cbadf0e269162baa72efe3b8b.

2022-10-06

At 20:43 UTC, attacker mints second 1 million BNB via second forged proof. Transaction hash: 0x05356fd06ce56a9ec5b4eaf9c075abd740cae4c21eab1676440ab5cd2fe5c57a. Total minted: 2 million BNB (~$586M).

2022-10-06

Attacker deposits 900,000 BNB as collateral on Venus Protocol and borrows approximately $147.5M in stablecoins (USDT, USDC, BUSD).

2022-10-06

Attacker bridges stolen stablecoins to Ethereum (~$53M), Fantom (~$57M), Polygon (~$400K), Avalanche, Optimism, and Arbitrum via Stargate Finance and Multichain.

2022-10-06

At approximately 21:35 UTC, all 44 BNB Smart Chain validators coordinate to halt BSC, trapping ~$430M in assets on-chain. Chain halted for approximately 8 hours.

2022-10-07

Binance CEO Changpeng Zhao (CZ) publicly confirms the exploit and chain halt. Tether and Circle freeze combined $33.5M in USDT and USDC held by the attacker.

2022-10-07

Binance restores cross-chain bridge operations after validators apply hotfix release v1.1.15 patching the IAVL verification flaw.

2022-10-08

Cosmos engineers begin intensive security review of ICS-23 implementation in response to the BSC incident, identifying the broader 'Dragonberry' vulnerability affecting all IBC-enabled Cosmos chains.

2022-10-12

BNB Chain implements Moran Hardfork with permanent IAVL hash-check vulnerability fix.

2023-11-01

BNB Chain Core proposes forced liquidation of exploiter's Venus Protocol collateral position. USDT and USDC positions force-liquidated to recover partial funds without open-market BNB sell-off.