## 🍳 binance bridge

<br>

### tl;dr

*  an attacker stole 2 million BNB (~$566M USD) from the Binance Bridge
*  the attacker exploited the BNB bridge into minting 2 batches of 1M BNB each, via falsified proofs of deposit on the legacy binance beacon chain
*  the bridge uses vulnerable IAVL verification which the attacker was able to forge, specifically for block 110217401
*  to not draw attention, funds were deposited as collateral on the lending platfor, venus protocol - making it look like it was simply a gigawhale
*  users begain to notice high-slippage swaps and tether blackisting funds
*  the attacker supplied 900k bnb to venus, borrowing a total of $147M in stablecoins, before bridiging to ethereum and l2s, fantom, avalance, polygon
*  bnb paused for 8h, with 26 validators the chain is not really decentralized

<br>

<img width="367" alt="Screen Shot 2022-10-07 at 2 15 35 PM" src="https://user-images.githubusercontent.com/1130416/194653537-f69b7c4b-0d72-43ef-a871-363b723a2e34.png">


<br>

### resources

<br>

* [samczsum](https://twitter.com/samczsun/status/1578167198203289600)
* [rekt](https://rekt.news/bnb-bridge-rekt/)
* [slow mist](https://twitter.com/SlowMist_Team/status/1578220472373649408)
* [dedaub](https://twitter.com/dedaub/status/1578428002701959170)