BNB Bridge / BSC Token Hub: Forged Cryptographic Proof / IAVL Verification Bypass
An attacker forged two cryptographic deposit proofs to mint 2 million BNB ($586M) from the BNB Bridge — then Binance simply paused the entire blockchain to limit damage, revealing the centralisation behind "DeFi's 3rd largest L1."
Summary #
BNB Bridge / BSC Token Hub suffered a Cross-Chain Bridge on 2022-10-06, resulting in a loss of approximately $586M.
What happened #
An attacker forged two cryptographic deposit proofs to mint 2 million BNB ($586M) from the BNB Bridge — then Binance simply paused the entire blockchain to limit damage, revealing the centralisation behind "DeFi's 3rd largest L1."
Linked factors #
- RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited for this specific flaw]
- RD-F-111 — causal : Team doxx status — pseudonymous-no-track-record class [via dashboard_risk_factors/Team anonymity: Binance / centralised team (not anonymous)]