Skip to main content
Sign in
BNB Chain Bridge1 decision on this page

Audit log

Every state-changing event for BNB Chain Bridge: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-30 18:25:03Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 423,210,378
    sig
    2PJzBoFGV36k…vWxAvvCRexplorer ↗
    hash
    4BwZkzn8giT8…fFcmgUE3sha256 → base58
    verifying row…full verify ↗
    canonical bytes (5700 B) ▸
    {"actor":"system:backfill","investigation_id":"1880498b-a15d-46c2-aedf-3c9922c021d9","kind":"publish","page_slug":"bnb-chain-bridge","published_at":"2026-05-30T18:25:03.924Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"BNB Chain Bridge","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-bnb-chain-hack-october-2022","type":"other","url":""},{"credibility":3,"name":"https://medium.com/immunefi/hack-analysis-binance-bridge-october-2022-2876d39247c1","type":"other","url":""},{"credibility":3,"name":"https://sanebow.me/bnb-hack-iavl-explained","type":"other","url":""},{"credibility":3,"name":"https://www.elliptic.co/blog/analysis/attack-mints-569-million-worth-of-bnb-tokens-in-bsc-bridge-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.elliptic.co/blog/analysis/attack-mints-569-million-worth-of-bnb-tokens-in-bsc-bridge-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-analysis-of-the-bnb-smart-chain-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.cnbc.com/2022/10/07/more-than-100-million-worth-of-binances-bnb-token-stolen-in-another-major-crypto-hack.html","type":"other","url":""},{"credibility":3,"name":"https://www.nansen.ai/research/bnb-chains-cross-chain-bridge-exploit-explained","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/bnb-chain-confirms-bsc-halt-due-to-potential-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2022/10/10/binance-exec-bnb-smart-chain-hack-could-have-been-worse-if-validators-hadnt-sprung-into-action","type":"other","url":""},{"credibility":3,"name":"https://fortune.com/crypto/2022/10/06/binance-smart-chain-halts-after-exploit/","type":"other","url":""},{"credibility":3,"name":"https://blockworks.com/news/after-bnb-chain-hack-operators-must-face-question-of-decentralization","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/business/2022/10/11/bnb-smart-chain-to-perform-hard-fork-as-fix-for-100m-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.bnbchain.org/en/blog/technology-update-of-bnb-chain-in-october-2022/","type":"other","url":""},{"credibility":3,"name":"https://github.com/bnb-chain/BEPs/pull/171","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/bnb-beacon-chain-hard-fork-adds-panic-feature-that-can-halt-blockchain","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/bsc-token-hub-bridge-hack","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@sharkteam/causes-of-merkle-tree-vulnerability-and-tracking-of-on-chain-funds-analysis-of-bnbchain-9aa802323754","type":"other","url":""},{"credibility":3,"name":"https://arxiv.org/html/2501.03423v1","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-analysis-of-the-bnb-smart-chain-exploit","type":"other","url":""}]}],"sources_used":[],"summary":"The BSC Token Hub, BNB Chain's cross-chain bridge connecting BNB Beacon Chain and BNB Smart Chain, was exploited on October 6, 2022 via a forged IAVL Merkle proof that allowed an attacker to mint approximately 2 million BNB valued at roughly $566–570 million. Rapid validator coordination halted the chain and froze most funds on BSC, limiting the attacker's realized gain to an estimated $137 million, though the incident exposed deep structural centralization concerns about BNB Smart Chain's 21-validator Proof of Staked Authority model.","timeline":[{"date":"2022-10-06","event":"Attacker executes two transactions of 1 million BNB each via a forged IAVL Merkle proof on the BSC Token Hub bridge, minting approximately 2 million BNB (~$566–570 million).","source":""},{"date":"2022-10-06","event":"BNB Chain contacts all 44 active validators and requests they suspend block production on BNB Smart Chain to prevent further fund movement.","source":""},{"date":"2022-10-06","event":"Binance CEO Changpeng Zhao publicly confirms the exploit on Twitter, states the issue is contained and user funds are safe.","source":""},{"date":"2022-10-07","event":"BNB Smart Chain resumes operations with a hotfix. Tether and Circle blacklist the attacker's addresses, freezing $33.5 million combined in USDT and USDC.","source":""},{"date":"2022-10-07","event":"Post-incident analysis confirms approximately $137 million was moved to other chains before the halt, with roughly $430 million remaining frozen on BSC.","source":""},{"date":"2022-10-11","event":"BNB Chain announces a scheduled hard fork for October 12 to permanently patch the cross-chain bridge vulnerability.","source":""},{"date":"2022-10-12","event":"BNB Chain hard fork (client v1.1.15) executed at 08:00 UTC, patching the IAVL proof verification flaw and re-enabling the cross-chain bridge.","source":""},{"date":"2022-10-13","event":"Cosmos SDK releases coordinated security disclosures for the 'Dragonfruit' and 'Dragonberry' bugs affecting all IBC-enabled chains using the same IAVL library.","source":""},{"date":"2023-02-06","event":"BNB Chain's Planck hard fork implements BEP-171, introducing permanent security enhancements including ICS23 proof verification, transfer time-locks, and emergency channel-pause mechanisms.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 0d184f90-5fa6-45d3-97f4-71463a6e60d6
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.