Verify a decision

{"actor":"system:backfill","investigation_id":"1880498b-a15d-46c2-aedf-3c9922c021d9","kind":"publish","page_slug":"bnb-chain-bridge","published_at":"2026-05-30T18:25:03.924Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"BNB Chain Bridge","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-bnb-chain-hack-october-2022","type":"other","url":""},{"credibility":3,"name":"https://medium.com/immunefi/hack-analysis-binance-bridge-october-2022-2876d39247c1","type":"other","url":""},{"credibility":3,"name":"https://sanebow.me/bnb-hack-iavl-explained","type":"other","url":""},{"credibility":3,"name":"https://www.elliptic.co/blog/analysis/attack-mints-569-million-worth-of-bnb-tokens-in-bsc-bridge-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.elliptic.co/blog/analysis/attack-mints-569-million-worth-of-bnb-tokens-in-bsc-bridge-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-analysis-of-the-bnb-smart-chain-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.cnbc.com/2022/10/07/more-than-100-million-worth-of-binances-bnb-token-stolen-in-another-major-crypto-hack.html","type":"other","url":""},{"credibility":3,"name":"https://www.nansen.ai/research/bnb-chains-cross-chain-bridge-exploit-explained","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/bnb-chain-confirms-bsc-halt-due-to-potential-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2022/10/10/binance-exec-bnb-smart-chain-hack-could-have-been-worse-if-validators-hadnt-sprung-into-action","type":"other","url":""},{"credibility":3,"name":"https://fortune.com/crypto/2022/10/06/binance-smart-chain-halts-after-exploit/","type":"other","url":""},{"credibility":3,"name":"https://blockworks.com/news/after-bnb-chain-hack-operators-must-face-question-of-decentralization","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/business/2022/10/11/bnb-smart-chain-to-perform-hard-fork-as-fix-for-100m-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.bnbchain.org/en/blog/technology-update-of-bnb-chain-in-october-2022/","type":"other","url":""},{"credibility":3,"name":"https://github.com/bnb-chain/BEPs/pull/171","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/bnb-beacon-chain-hard-fork-adds-panic-feature-that-can-halt-blockchain","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/bsc-token-hub-bridge-hack","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@sharkteam/causes-of-merkle-tree-vulnerability-and-tracking-of-on-chain-funds-analysis-of-bnbchain-9aa802323754","type":"other","url":""},{"credibility":3,"name":"https://arxiv.org/html/2501.03423v1","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-analysis-of-the-bnb-smart-chain-exploit","type":"other","url":""}]}],"sources_used":[],"summary":"The BSC Token Hub, BNB Chain's cross-chain bridge connecting BNB Beacon Chain and BNB Smart Chain, was exploited on October 6, 2022 via a forged IAVL Merkle proof that allowed an attacker to mint approximately 2 million BNB valued at roughly $566–570 million. Rapid validator coordination halted the chain and froze most funds on BSC, limiting the attacker's realized gain to an estimated $137 million, though the incident exposed deep structural centralization concerns about BNB Smart Chain's 21-validator Proof of Staked Authority model.","timeline":[{"date":"2022-10-06","event":"Attacker executes two transactions of 1 million BNB each via a forged IAVL Merkle proof on the BSC Token Hub bridge, minting approximately 2 million BNB (~$566–570 million).","source":""},{"date":"2022-10-06","event":"BNB Chain contacts all 44 active validators and requests they suspend block production on BNB Smart Chain to prevent further fund movement.","source":""},{"date":"2022-10-06","event":"Binance CEO Changpeng Zhao publicly confirms the exploit on Twitter, states the issue is contained and user funds are safe.","source":""},{"date":"2022-10-07","event":"BNB Smart Chain resumes operations with a hotfix. Tether and Circle blacklist the attacker's addresses, freezing $33.5 million combined in USDT and USDC.","source":""},{"date":"2022-10-07","event":"Post-incident analysis confirms approximately $137 million was moved to other chains before the halt, with roughly $430 million remaining frozen on BSC.","source":""},{"date":"2022-10-11","event":"BNB Chain announces a scheduled hard fork for October 12 to permanently patch the cross-chain bridge vulnerability.","source":""},{"date":"2022-10-12","event":"BNB Chain hard fork (client v1.1.15) executed at 08:00 UTC, patching the IAVL proof verification flaw and re-enabling the cross-chain bridge.","source":""},{"date":"2022-10-13","event":"Cosmos SDK releases coordinated security disclosures for the 'Dragonfruit' and 'Dragonberry' bugs affecting all IBC-enabled chains using the same IAVL library.","source":""},{"date":"2023-02-06","event":"BNB Chain's Planck hard fork implements BEP-171, introducing permanent security enhancements including ICS23 proof verification, transfer time-locks, and emergency channel-pause mechanisms.","source":""}]},"v":1}