blockchains-security-toolkit/exploit_analysis/binance_bridge.md
2022-10-07 14:18:34 -07:00

🍳 binance bridge


tl;dr

  • an attacker stole 2 million BNB (~$566M USD) from the Binance Bridge
  • the attacker tricked the BNB bridge into minting 2 batches of 1M BNB each, via falsified proofs of deposit on the legacy binance beacon chain
  • the bridge's IAVL proof verification was vulnerable, which let the attacker forge a proof, specifically for block 110217401
  • to not draw attention, funds were deposited as collateral on the lending platform, venus protocol - making it look like it was simply a gigawhale
  • users began to notice high-slippage swaps and tether blacklisting funds
  • the attacker supplied 900k bnb to venus, borrowing a total of $147M in stablecoins, before bridging to ethereum and l2s, fantom, avalanche, polygon
  • the bnb chain was paused for 8h; with 26 validators, the chain is not really decentralized

resources