Attacker forged proofs to mint 2M BNB from BSC's cross-chain bridge, exploiting a bug in the IAVL Merkle proof verification.
The attacker exploited a vulnerability in the BSC Token Hub bridge's Merkle proof verification (IAVL library). By crafting fraudulent proofs, they caused the bridge to mint 2M BNB directly to their address. The BNB Chain was paused within hours to limit damage.
Attacker immediately began moving BNB cross-chain using various bridges (Multichain, Stargate). Significant portions deposited into lending protocols as collateral to borrow stablecoins. Blockchain validators froze approximately $7M. Remaining ~$400M dispersed across DeFi protocols on multiple chains.
0x19b5e0b89e1b3b3b3b3b3b3b3b3b3b3b3b3b3b3b3b3b3b3b3b3b3b3b3b3b3b3