BNB Chain Bridge (BSC Token Hub) Hack 2022 — $570M Exploit Analysis

Attacker forged proofs to mint 2M BNB from BSC's cross-chain bridge, exploiting a bug in the IAVL Merkle proof verification.

Details

Full Description

The attacker exploited a vulnerability in the BSC Token Hub bridge's Merkle proof verification (IAVL library). By crafting fraudulent proofs, they caused the bridge to mint 2M BNB directly to their address. The BNB Chain was paused within hours to limit damage.

Laundering Analysis

Attacker immediately began moving BNB cross-chain using various bridges (Multichain, Stargate). Significant portions deposited into lending protocols as collateral to borrow stablecoins. Blockchain validators froze approximately $7M. Remaining ~$400M dispersed across DeFi protocols on multiple chains.

Sources

Transaction Hashes

Related Hacks

Back to Browse