Binance

On October 6, 2022, the BSC Token Hub, a cross-chain bridge connecting BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20), was exploited, resulting in the theft of 2 million BNB tokens, valued at approximately $570 million, as reported by Binance and Merkle Science. Detected at 18:19 UTC, the attack exploited a flaw in the IAVL Merkle proof verification system, allowing the attacker to forge proofs for block 110217401, minting new BNB to address 0x489A8756C18C0b8B24EC2a2b9FF3D4d447F79BEc, per Sam Sun’s analysis on Twitter (@samczsun). The hacker, registered as a relayer after depositing 100 BNB, swapped $147.5 million into stablecoins (BUSD, USDT, USDC) via Venus Protocol and bridged $110 million to Ethereum, Polygon, Avalanche, Fantom, Arbitrum, and Optimism using Stargate and Anyswap, per Elliptic. Binance, with $70 billion daily volume per CoinMarketCap, paused the BNB Smart Chain for nine hours, freezing $7 million with help from Tether, Circle, and validators, per BNB Chain’s blog. The BNB price dropped 3.7% to $278.14, per Forbes. Reddit’s u/CryptoSleuth praised the swift response, but @BitcoinMaxi criticized the chain’s centralization, as halting exposed validator control. One of 13 bridge hacks in 2022 costing $2 billion, per Chainalysis, the incident led to the Moran hard fork (v1.1.16) and governance votes for a $1 million bug bounty and 10% recovery reward, per Binance. No funds were recovered by October 2023, per Arkham Intelligence, fueling calls for robust proof verification, whitelisted relayers, and decentralized bridge designs to secure cross-chain ecosystems.