Bridge Exploit attacks on BNB Chain

1B bridged DOT minted on Hyperbridge after a missing bounds check in VerifyProof let an attacker forge MMR proofs; realised loss ~$2.5M.

GriffinAI, an AI-agent crypto project, lost ~$3M after a bridge/mint flaw let an attacker mint unbacked GAIN tokens and dump them, collapsing the price.

Access-control flaw drained $3.76M from Nervos's Force Bridge on Ethereum and BNB Chain; loot was swapped to ETH and routed via Tornado Cash and FixedFloat.

~$220K drained from HYPR Network after a bridge/contract flaw let an attacker extract bridged liquidity — a small but clean bridge failure.

A flawed Merkle proof verification in BSC's native bridge let the attacker forge withdrawals for 2M BNB before validators paused the chain.

Meter Passport bridge lost $4.4M when its deposit handler trusted a wrapped-token transfer amount that could be set without backing, minting bridged BNB/ETH.

An attacker tricked Qubit's BSC bridge into minting 77,162 qXETH ($185M nominal) without depositing any ETH, borrowing 206,809 BNB ($80M).

$13M+ drained from THORChain across two attacks one week apart, both exploiting fake-deposit flaws in the Bifrost Ethereum bridge weeks into Chaosnet.

Vulnerability in ChainSwap's Ethereum-BSC bridge let an attacker mint arbitrary amounts of 20+ supported tokens; $4M drained, affected tokens crashed 95%+.

Attacker detected a repeated k-value in two BSC signatures, back-calculated Anyswap V3's MPC private key, and drained $7.9M from its cross-chain router pools.