[ { "id": "bir_inc_000001", "bridge_id": "bir_bridge_000001", "slug": "ronin-bridge-2022-validator-key-compromise", "previous_slugs": [], "redirect_from": [], "title": "Ronin Bridge validator-key compromise", "incident_date": "2022-03-29", "incident_date_precision": "day", "incident_type": "exploit", "summary": "In March 2022, Ronin Bridge was exploited after validator keys were compromised, leading to one of the largest reported bridge losses in crypto history. The incident later became a reference case for bridge validator and cross-chain security risk.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 4, "last_reviewed_at": "2026-06-11", "last_verified_at": "2026-06-11", "is_major_incident": true, "reported_loss_usd_display": "$620 million", "reported_loss_usd": 620000000, "reported_loss_usd_min": null, "reported_loss_usd_max": null, "reported_loss_text": "Reported as roughly $620 million in public coverage.", "reported_loss_assets": [ "eth", "usdc" ], "usd_valuation_date": "2022-03-29", "loss_amount_basis": "public reports and secondary summaries", "amount_confidence": "medium", "amount_note": "Public reports commonly cite approximately $620 million; exact valuation depends on asset prices and source timing.", "amount_claims": [ { "amount_text": "173,600 ETH and 25.5 million USDC", "amount_usd_text": "about $620 million", "source_id": "bir_src_000001", "basis": "media report", "usd_valuation_date": "2022-03-29", "notes": "Used as the display loss amount in this seed record." } ], "recovery_status": "partial_recovery", "reimbursement_status": "completed", "restart_status": "reopened", "current_outcome": "active_after_incident", "is_unresolved": false, "unresolved_reason": [], "affected_chains": [ "ronin", "ethereum" ], "affected_assets": [ "eth", "usdc" ], "attack_vector_category": "validator_key_compromise", "postmortem_available": "unknown", "known_unknowns": [ "Exact loss valuation varies by source and valuation date.", "This seed record does not yet include a full reimbursement timeline." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/ronin-bridge-2022-validator-key-compromise/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/ronin-bridge/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000002", "bridge_id": "bir_bridge_000002", "slug": "wormhole-2022-weth-mint-exploit", "previous_slugs": [], "redirect_from": [], "title": "Wormhole 2022 wrapped ETH mint exploit", "incident_date": "2022-02-02", "incident_date_precision": "day", "incident_type": "exploit", "summary": "In February 2022, Wormhole was exploited through a vulnerability that allowed unauthorized wrapped ETH minting on Solana. Public reporting described a loss of roughly $320 million, and the bridge deficit was later backfilled.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 6, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "$320 million", "reported_loss_usd": 320000000, "reported_loss_usd_min": null, "reported_loss_usd_max": null, "reported_loss_text": "Reported as roughly $320 million in public coverage.", "reported_loss_assets": [ "weth" ], "usd_valuation_date": "2022-02-02", "loss_amount_basis": "public reports and secondary summaries", "amount_confidence": "medium", "amount_note": "Public reports commonly cite approximately $320 million; exact valuation depends on ETH price and source timing.", "amount_claims": [ { "amount_text": "120,000 ETH", "amount_usd_text": "about $320 million", "source_id": "bir_src_000005", "basis": "media report", "usd_valuation_date": "2022-02-02", "notes": "Used as the display loss amount in this seed record." } ], "recovery_status": "not_applicable", "reimbursement_status": "completed", "restart_status": "reopened", "current_outcome": "active_after_incident", "is_unresolved": false, "unresolved_reason": [], "affected_chains": [ "solana", "ethereum" ], "affected_assets": [ "weth" ], "attack_vector_category": "message_verification_failure", "postmortem_available": "unknown", "known_unknowns": [ "This seed record does not yet include a full technical root-cause timeline.", "Exact loss valuation varies by source and valuation date." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/wormhole-2022-weth-mint-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/wormhole/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000003", "bridge_id": "bir_bridge_000003", "slug": "nomad-bridge-2022-message-verification-exploit", "previous_slugs": [], "redirect_from": [], "title": "Nomad Bridge 2022 message verification exploit", "incident_date": "2022-08-01", "incident_date_precision": "day", "incident_type": "exploit", "summary": "In August 2022, Nomad Bridge was exploited after a message verification flaw made fraudulent withdrawals copyable by many participants. Public reporting commonly describes the loss as roughly $190 million, with partial recovery and unresolved recovery/reimbursement questions.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 7, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "$190 million", "reported_loss_usd": 190000000, "reported_loss_usd_min": null, "reported_loss_usd_max": null, "reported_loss_text": "Reported as roughly $190 million in public coverage.", "reported_loss_assets": [ "eth", "usdc", "usdt", "wbtc" ], "usd_valuation_date": "2022-08-01", "loss_amount_basis": "public reports and secondary summaries", "amount_confidence": "medium", "amount_note": "Public reports commonly cite approximately $190 million; exact recovered and outstanding amounts require later source-specific expansion.", "amount_claims": [ { "amount_text": "about $190 million", "amount_usd_text": "about $190 million", "source_id": "bir_src_000009", "basis": "media report", "usd_valuation_date": "2022-08-01", "notes": "Used as the display loss amount in this seed record." } ], "recovery_status": "partial_recovery", "reimbursement_status": "in_progress", "restart_status": "partially_reopened", "current_outcome": "limited_after_incident", "is_unresolved": true, "unresolved_reason": [ "Only a pro-rata share of recovered assets was made available through the recovery bridge.", "Final recovery and reimbursement completion remain unresolved." ], "affected_chains": [ "ethereum", "avalanche", "unknown" ], "affected_assets": [ "eth", "usdc", "usdt", "wbtc" ], "attack_vector_category": "message_verification_failure", "postmortem_available": "full", "known_unknowns": [ "The final recovery percentage for each affected asset is not established.", "Long-term operation beyond the recovery-oriented bridge flow requires continued review." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/nomad-bridge-2022-message-verification-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/nomad-bridge/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000004", "bridge_id": "bir_bridge_000004", "slug": "harmony-horizon-bridge-2022-exploit", "previous_slugs": [], "redirect_from": [], "title": "Harmony Horizon Bridge 2022 exploit", "incident_date": "2022-06-24", "incident_date_precision": "day", "incident_type": "exploit", "summary": "In June 2022, Harmony's Horizon Bridge was exploited for roughly $100 million. Later public statements and FBI material linked the theft to Lazarus Group actors, while recovery and reimbursement details remain incomplete in this seed record.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 7, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "$100 million", "reported_loss_usd": 100000000, "reported_loss_usd_min": null, "reported_loss_usd_max": null, "reported_loss_text": "Reported as roughly $100 million in public coverage.", "reported_loss_assets": [ "eth", "usdc", "usdt", "wbtc", "bnb", "one" ], "usd_valuation_date": "2022-06-24", "loss_amount_basis": "public reports and official/security summaries", "amount_confidence": "medium", "amount_note": "Public reports commonly cite approximately $100 million; exact asset-level composition requires later source-specific expansion.", "amount_claims": [ { "amount_text": "about $100 million", "amount_usd_text": "about $100 million", "source_id": "bir_src_000013", "basis": "media report", "usd_valuation_date": "2022-06-24", "notes": "Used as the display loss amount in this seed record." } ], "recovery_status": "partial_recovery", "reimbursement_status": "in_progress", "restart_status": "not_reopened", "current_outcome": "dead_after_incident", "is_unresolved": true, "unresolved_reason": [ "Recovery and buyback activity remains ongoing and does not establish full reimbursement.", "The final recovered amount and completion date remain unknown." ], "affected_chains": [ "harmony", "ethereum", "bnb-chain" ], "affected_assets": [ "eth", "usdc", "usdt", "wbtc", "bnb", "one" ], "attack_vector_category": "validator_key_compromise", "postmortem_available": "partial", "known_unknowns": [ "The total amount repurchased, burned, or returned remains incomplete.", "The recovery program requires later outcome review." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/harmony-horizon-bridge-2022-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/harmony-horizon-bridge/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000005", "bridge_id": "bir_bridge_000005", "slug": "poly-network-2021-cross-chain-exploit", "previous_slugs": [], "redirect_from": [], "title": "Poly Network 2021 cross-chain exploit", "incident_date": "2021-08-10", "incident_date_precision": "day", "incident_type": "exploit", "summary": "In August 2021, Poly Network was exploited for more than $600 million across multiple chains. The case became a major reference point because the attacker later returned most or all of the funds, making it a recovery-centered bridge incident rather than a permanent-loss case.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 4, "last_reviewed_at": "2026-06-12", "last_verified_at": "2026-06-12", "is_major_incident": true, "reported_loss_usd_display": "$610 million", "reported_loss_usd": 610000000, "reported_loss_usd_min": null, "reported_loss_usd_max": null, "reported_loss_text": "Reported as more than $600 million, commonly around $610 million, in public coverage.", "reported_loss_assets": [ "eth", "usdc", "usdt", "wbtc", "bnb", "matic" ], "usd_valuation_date": "2021-08-10", "loss_amount_basis": "public reports and secondary summaries", "amount_confidence": "medium", "amount_note": "Public reports commonly cite more than $600 million; exact valuation depends on source timing and asset prices.", "amount_claims": [ { "amount_text": "more than $600 million", "amount_usd_text": "about $610 million", "source_id": "bir_src_000017", "basis": "media report", "usd_valuation_date": "2021-08-10", "notes": "Used as the display loss amount in this seed record." } ], "recovery_status": "full_recovery", "reimbursement_status": "not_applicable", "restart_status": "reopened", "current_outcome": "active_after_incident", "is_unresolved": false, "unresolved_reason": [], "affected_chains": [ "ethereum", "bnb-chain", "polygon" ], "affected_assets": [ "eth", "usdc", "usdt", "wbtc", "bnb", "matic" ], "attack_vector_category": "cross_chain_contract_exploit", "postmortem_available": "unknown", "known_unknowns": [ "Exact asset-level composition and final operational timeline require later source-specific expansion.", "This seed does not yet include a full technical postmortem timeline." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/poly-network-2021-cross-chain-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/poly-network/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000006", "bridge_id": "bir_bridge_000006", "slug": "bsc-token-hub-2022-forged-proof-exploit", "previous_slugs": [], "redirect_from": [], "title": "BSC Token Hub 2022 forged-proof exploit", "incident_date": "2022-10-06", "incident_date_precision": "day", "incident_type": "exploit", "summary": "In October 2022, an attacker exploited BSC Token Hub by forging a bridge proof, creating and taking two million BNB. The nominal value was nearly $570 million, while BNB Chain later stated that about $100 million remained unrecovered after validators paused and resumed the network.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 4, "last_reviewed_at": "2026-06-14", "last_verified_at": "2026-06-14", "is_major_incident": true, "reported_loss_usd_display": "Nearly $570 million minted; about $100 million unrecovered", "reported_loss_usd": 570000000, "reported_loss_usd_min": 100000000, "reported_loss_usd_max": 570000000, "reported_loss_text": "Two million BNB were minted and taken, valued near $570 million; BNB Chain reported about $100 million moved off-chain and remained unrecovered.", "reported_loss_assets": [ "bnb" ], "usd_valuation_date": "2022-10-06", "loss_amount_basis": "nominal minted value separated from estimated unrecovered amount", "amount_confidence": "high", "amount_note": "The $570 million figure describes the nominal value of two million BNB created and taken. The approximately $100 million figure describes the amount BNB Chain said remained unrecovered after the coordinated response.", "amount_claims": [ { "amount_text": "2,000,000 BNB minted and taken", "amount_usd_text": "nearly $570 million", "source_id": "bir_src_000022", "basis": "official incident explanation", "usd_valuation_date": "2022-10-06", "notes": "Nominal amount created through the forged-proof exploit." }, { "amount_text": "about $100 million moved off-chain and remained unrecovered", "amount_usd_text": "about $100 million", "source_id": "bir_src_000022", "basis": "official incident aftermath estimate", "usd_valuation_date": "2022-10-11", "notes": "Estimated unrecovered amount, distinct from the nominal minted value." } ], "recovery_status": "partial_recovery", "reimbursement_status": "not_applicable", "restart_status": "reopened", "current_outcome": "deprecated_after_incident", "is_unresolved": true, "unresolved_reason": [ "The final disposition of the approximately $100 million described as unrecovered is not established in this seed record." ], "affected_chains": [ "bnb-beacon-chain", "bnb-chain" ], "affected_assets": [ "bnb" ], "attack_vector_category": "message_verification_failure", "postmortem_available": "partial", "known_unknowns": [ "Final realized economic loss and later recovery or liquidation outcomes require further review.", "The bridge was retired later through BNB Chain Fusion, not solely as a direct incident response." ], "conflicting_claims": [ { "claim": "Incident value", "values": [ "2,000,000 BNB minted and taken, nearly $570 million nominal value", "About $100 million reported as moved off-chain and unrecovered" ], "source_ids": [ "bir_src_000022", "bir_src_000023" ], "resolution": "Retain both figures because they measure different scopes: nominal assets created versus estimated unrecovered assets moved beyond immediate control." } ], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/bsc-token-hub-2022-forged-proof-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/bsc-token-hub/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000007", "bridge_id": "bir_bridge_000007", "slug": "multichain-2023-abnormal-mpc-outflows", "previous_slugs": [], "redirect_from": [], "title": "Multichain 2023 abnormal MPC asset outflows", "incident_date": "2023-07-06", "incident_date_precision": "day", "incident_type": "abnormal_transfers", "summary": "In July 2023, more than $125 million in assets moved out of Multichain-controlled bridge contracts to unknown addresses. The protocol then stopped services and later announced that operations would cease after losing access to key operational systems and funds.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 5, "last_reviewed_at": "2026-06-14", "last_verified_at": "2026-06-14", "is_major_incident": true, "reported_loss_usd_display": "More than $125 million in abnormal outflows", "reported_loss_usd": 125000000, "reported_loss_usd_min": 125000000, "reported_loss_usd_max": 130000000, "reported_loss_text": "Chainalysis reported more than $125 million in unauthorized withdrawals; other public reporting described the total as nearly $130 million.", "reported_loss_assets": [ "weth", "wbtc", "usdc", "usdt" ], "usd_valuation_date": "2023-07-06", "loss_amount_basis": "blockchain analytics and contemporaneous reporting", "amount_confidence": "medium", "amount_note": "The seed uses $125 million as the conservative display figure while preserving the higher nearly $130 million public estimate as a range.", "amount_claims": [ { "amount_text": "more than $125 million withdrawn", "amount_usd_text": "more than $125 million", "source_id": "bir_src_000026", "basis": "blockchain analytics report", "usd_valuation_date": "2023-07-06", "notes": "Used as the conservative display amount." }, { "amount_text": "nearly $130 million across multiple bridge contracts", "amount_usd_text": "nearly $130 million", "source_id": "bir_src_000027", "basis": "contemporaneous news report", "usd_valuation_date": "2023-07-06", "notes": "Retained as the upper public estimate." } ], "recovery_status": "unknown", "reimbursement_status": "unknown", "restart_status": "not_reopened", "current_outcome": "dead_after_incident", "is_unresolved": true, "unresolved_reason": [ "The final disposition of the withdrawn assets is not established in this seed record.", "The incident cause remains disputed between external key compromise and insider-controlled action." ], "affected_chains": [ "ethereum", "fantom", "bnb-chain", "polygon", "avalanche", "arbitrum" ], "affected_assets": [ "weth", "wbtc", "usdc", "usdt" ], "attack_vector_category": "operator_or_governance_issue", "postmortem_available": "partial", "known_unknowns": [ "The identity and authority of the party controlling the transfers remain unresolved.", "Frozen stablecoin balances do not by themselves establish recovery or reimbursement.", "Final user-loss and legal-custody outcomes require further review." ], "conflicting_claims": [ { "claim": "Cause of the abnormal transfers", "values": [ "External compromise of MPC or administrator keys", "Insider-controlled action or rug pull" ], "source_ids": [ "bir_src_000026", "bir_src_000029" ], "resolution": "Do not select a definitive cause without stronger primary or legal evidence; retain the incident as abnormal transfers with disputed attribution." } ], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/multichain-2023-abnormal-mpc-outflows/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/multichain/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000008", "bridge_id": "bir_bridge_000008", "slug": "orbit-bridge-2024-ethereum-vault-exploit", "previous_slugs": [], "redirect_from": [], "title": "Orbit Bridge 2024 Ethereum vault exploit", "incident_date": "2024-01-01", "incident_date_precision": "day", "incident_type": "exploit", "summary": "On January 1, 2024, an unidentified attacker removed approximately $81.5 million in ETH, WBTC, USDT, USDC, and DAI from the Orbit Bridge Ethereum vault. The Ethereum vault was shut down, and later recovery and partial service-resumption plans remained incomplete.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 5, "last_reviewed_at": "2026-06-14", "last_verified_at": "2026-06-14", "is_major_incident": true, "reported_loss_usd_display": "$81.5 million", "reported_loss_usd": 81500000, "reported_loss_usd_min": 81000000, "reported_loss_usd_max": 82000000, "reported_loss_text": "Orbit Chain reported approximately $81.5 million at the time of the exploit; a later recovery plan rounded the total to approximately $82 million.", "reported_loss_assets": [ "eth", "wbtc", "usdt", "usdc", "dai" ], "usd_valuation_date": "2024-01-01", "loss_amount_basis": "official incident statement, official recovery plan, and contemporaneous reporting", "amount_confidence": "high", "amount_note": "The record uses the official $81.5 million estimate as the canonical display amount and retains the $81–82 million public range.", "amount_claims": [ { "amount_text": "ETH, WBTC, USDT, USDC, and DAI removed in six incidents", "amount_usd_text": "approximately $81.5 million", "source_id": "bir_src_000030", "basis": "official incident statement", "usd_valuation_date": "2024-01-01", "notes": "Canonical display amount for this seed record." }, { "amount_text": "five stolen asset types", "amount_usd_text": "approximately $82 million", "source_id": "bir_src_000031", "basis": "official recovery plan", "usd_valuation_date": "2024-01-01", "notes": "Rounded official estimate retained as the upper end of the range." } ], "recovery_status": "unknown", "reimbursement_status": "in_progress", "restart_status": "partially_reopened", "current_outcome": "limited_after_incident", "is_unresolved": true, "unresolved_reason": [ "Complete recovery of the Ethereum-vault assets is not established.", "The exact root cause and attacker attribution remain unresolved.", "Only part of the wider bridge functionality had resumed in the reviewed official updates." ], "affected_chains": [ "orbit-chain", "ethereum" ], "affected_assets": [ "eth", "wbtc", "usdt", "usdc", "dai" ], "attack_vector_category": "unknown", "postmortem_available": "partial", "known_unknowns": [ "The final recovered amount and user reimbursement outcome require further review.", "The official investigation did not identify a smart-contract flaw or validator-key theft as the established cause.", "The relationship between earlier firewall-policy changes and the exploit was not conclusively established in the reviewed sources." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/orbit-bridge-2024-ethereum-vault-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/orbit-bridge/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000009", "bridge_id": "bir_bridge_000009", "slug": "qubit-qbridge-2022-zero-value-deposit-exploit", "previous_slugs": [], "redirect_from": [], "title": "QBridge 2022 zero-value deposit exploit", "incident_date": "2022-01-27", "incident_date_precision": "day", "incident_type": "exploit", "summary": "In January 2022, a logic flaw in QBridge allowed an attacker to submit deposit calls without transferring ETH, mint unbacked xETH on BNB Chain, and use that collateral to withdraw roughly $80 million from Qubit markets.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 5, "last_reviewed_at": "2026-06-14", "last_verified_at": "2026-06-14", "is_major_incident": true, "reported_loss_usd_display": "$80 million stolen; $90.8 million later damage estimate", "reported_loss_usd": 80000000, "reported_loss_usd_min": 80000000, "reported_loss_usd_max": 90800000, "reported_loss_text": "Security analysis described approximately $80 million in stolen assets, while Qubit later recalculated total affected-user damage at approximately $90.8 million.", "reported_loss_assets": [ "bnb", "weth", "wbtc", "usdc", "usdt" ], "usd_valuation_date": "2022-01-27", "loss_amount_basis": "direct stolen-asset estimate separated from later victim-damage calculation", "amount_confidence": "high", "amount_note": "The $80 million figure is the direct exploit-loss estimate. The $90.8 million figure is a later Qubit damage calculation and is retained as a distinct scope rather than replacing the stolen-asset estimate.", "amount_claims": [ { "amount_text": "assets withdrawn after unbacked xETH minting", "amount_usd_text": "approximately $80 million", "source_id": "bir_src_000036", "basis": "security postmortem", "usd_valuation_date": "2022-01-27", "notes": "Canonical display amount for the direct exploit loss." }, { "amount_text": "updated amount of damage across affected users", "amount_usd_text": "approximately $90.8 million", "source_id": "bir_src_000039", "basis": "official compensation and market-reopening update", "usd_valuation_date": "2022-02-22", "notes": "Later damage calculation; not treated as the direct stolen-asset amount." } ], "recovery_status": "unknown", "reimbursement_status": "in_progress", "restart_status": "not_reopened", "current_outcome": "dead_after_incident", "is_unresolved": true, "unresolved_reason": [ "Complete recovery of the stolen assets is not established.", "Completion of the announced compensation plan is not established.", "Reviewed reopening notices covered Qubit markets but did not establish QBridge reopening." ], "affected_chains": [ "ethereum", "bnb-chain" ], "affected_assets": [ "bnb", "weth", "wbtc", "usdc", "usdt" ], "attack_vector_category": "cross_chain_contract_exploit", "postmortem_available": "partial", "known_unknowns": [ "The final amount distributed through compensation mechanisms requires further review.", "The final disposition of the attacker's assets requires later source-specific investigation.", "The current operating status of Qubit lending markets should not be used as evidence that QBridge resumed." ], "conflicting_claims": [ { "claim": "Loss amount scope", "values": [ "Approximately $80 million directly stolen", "Approximately $90.8 million later affected-user damage estimate" ], "source_ids": [ "bir_src_000036", "bir_src_000039" ], "resolution": "Retain both because they measure different scopes; use $80 million as the direct exploit-loss display amount." } ], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/qubit-qbridge-2022-zero-value-deposit-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/qubit-qbridge/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000010", "bridge_id": "bir_bridge_000010", "slug": "thorchain-2021-eth-router-exploit-1", "previous_slugs": [], "redirect_from": [], "title": "THORChain 2021 ETH Router exploit 1", "incident_date": "2021-07-15", "incident_date_precision": "day", "incident_type": "exploit", "summary": "In July 2021, an attacker used a contract positioned in front of THORChain's ETH Router to make Bifrost report deposits that had not actually been received, ultimately draining ETH and contributing to protocol insolvency.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 2, "last_reviewed_at": "2026-06-14", "last_verified_at": "2026-06-14", "is_major_incident": true, "reported_loss_usd_display": "$8 million official estimate; $5 million secondary estimate", "reported_loss_usd": 8000000, "reported_loss_usd_min": 5000000, "reported_loss_usd_max": 8000000, "reported_loss_text": "THORChain's official postmortem reported an $8 million impact and about 4,200 ETH siphoned; Rekt reported approximately $5 million in assets taken.", "reported_loss_assets": [ "eth" ], "usd_valuation_date": "2021-07-15", "loss_amount_basis": "official postmortem prioritized, with lower secondary estimate retained as a conflicting claim", "amount_confidence": "medium", "amount_note": "Use the official $8 million figure as canonical while retaining the $5 million secondary estimate because contemporary public estimates differed.", "amount_claims": [ { "amount_text": "approximately 4,200 ETH siphoned", "amount_usd_text": "$8 million impact", "source_id": "bir_src_000040", "basis": "official postmortem", "usd_valuation_date": "2021-07-15", "notes": "Canonical display amount." }, { "amount_text": "various assets taken", "amount_usd_text": "about $5 million", "source_id": "bir_src_000041", "basis": "security incident report", "usd_valuation_date": "2021-07-15", "notes": "Retained as a lower contemporary estimate." } ], "recovery_status": "unknown", "reimbursement_status": "completed", "restart_status": "reopened", "current_outcome": "active_after_incident", "is_unresolved": false, "unresolved_reason": [], "affected_chains": [ "thorchain", "ethereum" ], "affected_assets": [ "eth" ], "attack_vector_category": "cross_chain_contract_exploit", "postmortem_available": "full", "known_unknowns": [ "The exact realized dollar loss depends on valuation timing and whether later operational insolvency effects are included." ], "conflicting_claims": [ { "claim": "Direct incident loss estimate", "values": [ "$8 million official impact estimate", "Approximately $5 million secondary estimate" ], "source_ids": [ "bir_src_000040", "bir_src_000041" ], "resolution": "Use the official $8 million estimate as canonical and retain $5 million as the lower contemporary estimate." } ], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/thorchain-2021-eth-router-exploit-1/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/thorchain/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000011", "bridge_id": "bir_bridge_000010", "slug": "thorchain-2021-eth-router-exploit-2", "previous_slugs": [], "redirect_from": [], "title": "THORChain 2021 ETH Router exploit 2", "incident_date": "2021-07-22", "incident_date_precision": "day", "incident_type": "exploit", "summary": "A second July 2021 attack used a fake router and malicious refund memo to make Bifrost accept a fabricated deposit event, draining economically significant ERC-20 assets from THORChain's Ethereum-side liquidity.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 3, "last_reviewed_at": "2026-06-14", "last_verified_at": "2026-06-14", "is_major_incident": true, "reported_loss_usd_display": "Approximately $8 million", "reported_loss_usd": 8000000, "reported_loss_usd_min": 8000000, "reported_loss_usd_max": 8000000, "reported_loss_text": "The official postmortem and contemporary technical reporting described an impact of approximately $8 million in ERC-20 assets.", "reported_loss_assets": [ "usdc", "usdt", "unknown" ], "usd_valuation_date": "2021-07-22", "loss_amount_basis": "official postmortem and independent technical analysis", "amount_confidence": "high", "amount_note": "The affected assets included USDC, USDT, XRUNE, ALCX, SUSHI, YFI, and other ERC-20s; the seed uses existing asset references plus unknown for the broader basket.", "amount_claims": [ { "amount_text": "ERC-20 basket including USDC, USDT, XRUNE, ALCX, SUSHI and YFI", "amount_usd_text": "approximately $8 million", "source_id": "bir_src_000042", "basis": "official postmortem", "usd_valuation_date": "2021-07-22", "notes": "Canonical display amount." } ], "recovery_status": "unknown", "reimbursement_status": "completed", "restart_status": "reopened", "current_outcome": "active_after_incident", "is_unresolved": false, "unresolved_reason": [], "affected_chains": [ "thorchain", "ethereum" ], "affected_assets": [ "usdc", "usdt", "unknown" ], "attack_vector_category": "message_verification_failure", "postmortem_available": "full", "known_unknowns": [ "The exact asset-level USD valuation varies by source timing." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/thorchain-2021-eth-router-exploit-2/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/thorchain/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000012", "bridge_id": "bir_bridge_000010", "slug": "thorchain-2026-gg20-tss-vault-exploit", "previous_slugs": [], "redirect_from": [], "title": "THORChain 2026 GG20 TSS vault exploit", "incident_date": "2026-05-15", "incident_date_precision": "day", "incident_type": "exploit", "summary": "In May 2026, a newly churned node operator exploited a vulnerability in THORChain's GG20 threshold-signature implementation, reconstructed a vault private key, and drained approximately $10.7 million from one Asgard vault across multiple chains.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 3, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "$10.7 million official estimate; more than $11 million later analytics estimate", "reported_loss_usd": 10700000, "reported_loss_usd_min": 10700000, "reported_loss_usd_max": 11000000, "reported_loss_text": "THORChain's initial exploit report reported approximately $10.7 million drained from one vault; TRM Labs later described losses exceeding $11 million across at least nine chains.", "reported_loss_assets": [ "btc", "eth", "usdc", "usdt", "wbtc", "dai", "unknown" ], "usd_valuation_date": "2026-05-15", "loss_amount_basis": "official exploit report prioritized, with later blockchain-analytics scope retained", "amount_confidence": "high", "amount_note": "The $10.7 million figure is the official initial assessment. The more-than-$11-million figure reflects later cross-chain analytics and may include a broader confirmed scope.", "amount_claims": [ { "amount_text": "one of five Asgard vaults drained", "amount_usd_text": "approximately $10.7 million", "source_id": "bir_src_000045", "basis": "official exploit report", "usd_valuation_date": "2026-05-15", "notes": "Canonical display amount." }, { "amount_text": "assets drained across at least nine chains", "amount_usd_text": "more than $11 million", "source_id": "bir_src_000046", "basis": "blockchain analytics report", "usd_valuation_date": "2026-05-15", "notes": "Retained as the later expanded estimate." } ], "recovery_status": "unknown", "reimbursement_status": "unknown", "restart_status": "paused", "current_outcome": "paused_long_term", "is_unresolved": true, "unresolved_reason": [ "The final recovery path remained subject to community governance in the reviewed official report.", "The investigation and complete technical follow-up were still pending.", "The reviewed official site continued to display trading as temporarily paused." ], "affected_chains": [ "thorchain", "bitcoin", "ethereum", "bnb-chain", "avalanche", "unknown" ], "affected_assets": [ "btc", "eth", "usdc", "usdt", "wbtc", "dai", "unknown" ], "attack_vector_category": "validator_key_compromise", "postmortem_available": "partial", "known_unknowns": [ "The final recovered amount and loss allocation are not established.", "A follow-up technical report and finalized recovery plan were pending in the reviewed official publication.", "The exact relationship between the exploited GG20 weakness and previously disclosed GG20 vulnerability classes remains under investigation." ], "conflicting_claims": [ { "claim": "Confirmed loss scope", "values": [ "Approximately $10.7 million in the official initial report", "More than $11 million across at least nine chains in later analytics" ], "source_ids": [ "bir_src_000045", "bir_src_000046" ], "resolution": "Use the official $10.7 million estimate as canonical and retain the broader analytics estimate as an upper-range claim." } ], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/thorchain-2026-gg20-tss-vault-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/thorchain/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000013", "bridge_id": "bir_bridge_000011", "slug": "meter-passport-2022-false-deposit-exploit", "previous_slugs": [], "redirect_from": [], "title": "Meter Passport 2022 false-deposit exploit", "incident_date": "2022-02-05", "incident_date_precision": "day", "incident_type": "exploit", "summary": "An attacker directly called a modified ERC-20 deposit handler that failed to verify the transaction value, enabling unbacked BNB and WETH minting and withdrawal of bridge reserves across multiple networks.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 4, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "$4.25 million official estimate; about $4.4 million secondary estimate", "reported_loss_usd": 4250000, "reported_loss_usd_min": 4250000, "reported_loss_usd_max": 4400000, "reported_loss_text": "Meter's postmortem allocated $4.25 million of direct liabilities; independent security reporting commonly described approximately $4.4 million drained from the bridge.", "reported_loss_assets": [ "bnb", "weth" ], "usd_valuation_date": "2022-02-05", "loss_amount_basis": "official postmortem prioritized with independent security estimate retained", "amount_confidence": "high", "amount_note": "The larger figure reflects rounded external reporting. Secondary losses at Hundred Finance are not added to the direct Meter Passport amount.", "amount_claims": [ { "amount_text": "direct bridge liabilities", "amount_usd_text": "$4.25 million", "source_id": "bir_src_000048", "basis": "official postmortem compensation allocation", "usd_valuation_date": "2022-02-05", "notes": "Canonical direct-loss figure." }, { "amount_text": "bridge assets drained", "amount_usd_text": "approximately $4.4 million", "source_id": "bir_src_000050", "basis": "independent security analysis", "usd_valuation_date": "2022-02-05", "notes": "Retained as rounded secondary estimate." } ], "recovery_status": "unknown", "reimbursement_status": "in_progress", "restart_status": "reopened", "current_outcome": "active_after_incident", "is_unresolved": true, "unresolved_reason": [ "The final amount repurchased or paid against PASS-token liabilities is not established in this seed record." ], "affected_chains": [ "meter", "ethereum", "bnb-chain", "unknown" ], "affected_assets": [ "bnb", "weth" ], "attack_vector_category": "smart_contract_bug", "postmortem_available": "full", "known_unknowns": [ "Final compensation completion requires later review.", "Secondary losses at Hundred Finance are tracked as downstream impact rather than direct bridge loss." ], "conflicting_claims": [ { "claim": "Direct incident amount", "values": [ "$4.25 million official liability allocation", "Approximately $4.4 million independent estimate" ], "source_ids": [ "bir_src_000048", "bir_src_000050" ], "resolution": "Use $4.25 million as the canonical direct-loss amount and retain $4.4 million as the rounded secondary estimate." } ], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/meter-passport-2022-false-deposit-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/meter-passport/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000014", "bridge_id": "bir_bridge_000012", "slug": "allbridge-core-2023-bnb-pool-exploit", "previous_slugs": [], "redirect_from": [], "title": "Allbridge Core 2023 BNB Chain pool exploit", "incident_date": "2023-04-02", "incident_date_precision": "day", "incident_type": "exploit", "summary": "Attackers used flash-loan-funded deposits, withdrawals, and swaps to exploit flawed liquidity-accounting logic in Allbridge Core's BUSD and USDT pools on BNB Chain.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 3, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "Approximately $650,000 official postmortem; about $573,000 initial estimate", "reported_loss_usd": 650000, "reported_loss_usd_min": 573000, "reported_loss_usd_max": 650000, "reported_loss_text": "Allbridge later described approximately $650,000 drained across a series of attacks; contemporaneous reports initially estimated roughly $573,000.", "reported_loss_assets": [ "busd", "usdt" ], "usd_valuation_date": "2023-04-02", "loss_amount_basis": "official relaunch analysis prioritized with initial public estimate retained", "amount_confidence": "high", "amount_note": "The official later total includes a second smaller attack and is broader than the initial estimate.", "amount_claims": [ { "amount_text": "series of BNB Chain pool attacks", "amount_usd_text": "approximately $650,000", "source_id": "bir_src_000053", "basis": "official relaunch postmortem", "usd_valuation_date": "2023-04-02", "notes": "Canonical total for the series." }, { "amount_text": "initial BUSD and USDT drain", "amount_usd_text": "about $573,000", "source_id": "bir_src_000055", "basis": "contemporaneous reporting", "usd_valuation_date": "2023-04-02", "notes": "Retained as the initial public estimate." } ], "recovery_status": "partial_recovery", "reimbursement_status": "completed", "restart_status": "reopened", "current_outcome": "active_after_incident", "is_unresolved": false, "unresolved_reason": [], "affected_chains": [ "bnb-chain" ], "affected_assets": [ "busd", "usdt" ], "attack_vector_category": "liquidity_or_accounting_failure", "postmortem_available": "full", "known_unknowns": [ "The exact unrecovered remainder after bounties and recovery payments is not itemized in this seed record." ], "conflicting_claims": [ { "claim": "Incident amount scope", "values": [ "Approximately $650,000 across the attack series", "Approximately $573,000 initial estimate" ], "source_ids": [ "bir_src_000053", "bir_src_000055" ], "resolution": "Use the later official $650,000 series total and retain $573,000 as the initial narrower estimate." } ], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/allbridge-core-2023-bnb-pool-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/allbridge-core/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000015", "bridge_id": "bir_bridge_000013", "slug": "li-fi-2022-approval-drain-exploit", "previous_slugs": [], "redirect_from": [], "title": "LI.FI 2022 approval-drain exploit", "incident_date": "2022-03-20", "incident_date_precision": "day", "incident_type": "exploit", "summary": "An unchecked external-call path in LI.FI's pre-bridge swap logic allowed an attacker to invoke token contracts and drain assets from wallets that had granted infinite approvals.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 3, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "Approximately $600,000", "reported_loss_usd": 600000, "reported_loss_usd_min": 600000, "reported_loss_usd_max": 600000, "reported_loss_text": "Around $600,000 in tokens was taken from 29 wallets and converted to approximately 205 ETH.", "reported_loss_assets": [ "usdc", "usdt", "dai", "matic", "unknown" ], "usd_valuation_date": "2022-03-20", "loss_amount_basis": "contemporaneous security analysis and reporting", "amount_confidence": "high", "amount_note": "The affected basket included additional tokens represented as unknown in the current reference dictionary.", "amount_claims": [ { "amount_text": "tokens drained from 29 wallets and swapped to about 205 ETH", "amount_usd_text": "approximately $600,000", "source_id": "bir_src_000058", "basis": "contemporaneous incident report", "usd_valuation_date": "2022-03-20", "notes": "Canonical amount." } ], "recovery_status": "none", "reimbursement_status": "partial", "restart_status": "reopened", "current_outcome": "active_after_incident", "is_unresolved": true, "unresolved_reason": [ "Twenty-five smaller wallets were reimbursed directly, while the final disposition of the four largest claims is not established in this seed record." ], "affected_chains": [ "ethereum" ], "affected_assets": [ "usdc", "usdt", "dai", "matic", "unknown" ], "attack_vector_category": "cross_chain_contract_exploit", "postmortem_available": "full", "known_unknowns": [ "The acceptance and completion of the proposed angel-investment compensation for four larger wallets requires later review." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/li-fi-2022-approval-drain-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/li-fi/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000016", "bridge_id": "bir_bridge_000013", "slug": "li-fi-2024-facet-approval-exploit", "previous_slugs": [], "redirect_from": [], "title": "LI.FI 2024 facet approval exploit", "incident_date": "2024-07-16", "incident_date_precision": "day", "incident_type": "exploit", "summary": "A newly deployed smart-contract facet omitted validation around arbitrary external calls, allowing an attacker to drain assets from 153 Ethereum and Arbitrum wallets with infinite approvals.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 2, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "Approximately $11.6 million", "reported_loss_usd": 11600000, "reported_loss_usd_min": 11000000, "reported_loss_usd_max": 11600000, "reported_loss_text": "LI.FI's official incident report estimated approximately $11.6 million stolen; initial contemporaneous reporting described roughly $11 million.", "reported_loss_assets": [ "usdc", "usdt", "dai" ], "usd_valuation_date": "2024-07-16", "loss_amount_basis": "official incident report prioritized", "amount_confidence": "high", "amount_note": "The official post-incident estimate is used as canonical.", "amount_claims": [ { "amount_text": "assets drained from 153 wallets", "amount_usd_text": "approximately $11.6 million", "source_id": "bir_src_000060", "basis": "official incident report", "usd_valuation_date": "2024-07-16", "notes": "Canonical amount." }, { "amount_text": "initial public estimate", "amount_usd_text": "roughly $11 million", "source_id": "bir_src_000061", "basis": "contemporaneous reporting", "usd_valuation_date": "2024-07-16", "notes": "Retained as the initial estimate." } ], "recovery_status": "unknown", "reimbursement_status": "announced", "restart_status": "reopened", "current_outcome": "active_after_incident", "is_unresolved": true, "unresolved_reason": [ "The final recovered amount and completion of compensation are not established in this seed record." ], "affected_chains": [ "ethereum", "arbitrum" ], "affected_assets": [ "usdc", "usdt", "dai" ], "attack_vector_category": "cross_chain_contract_exploit", "postmortem_available": "full", "known_unknowns": [ "Later reimbursement completion requires a dedicated source review.", "The final law-enforcement and asset-tracing outcome is unknown." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/li-fi-2024-facet-approval-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/li-fi/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000017", "bridge_id": "bir_bridge_000014", "slug": "chainswap-2021-july-2-exploit", "previous_slugs": [], "redirect_from": [], "title": "ChainSwap July 2, 2021 exploit", "incident_date": "2021-07-02", "incident_date_precision": "day", "incident_type": "exploit", "summary": "An attacker exploited the ChainSwap bridge and withdrew assets from wallets that had interacted with it. The team froze the bridge and nodes, deployed a fix, and estimated total damage at approximately $800,000.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 1, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "Approximately $800,000", "reported_loss_usd": 800000, "reported_loss_usd_min": 800000, "reported_loss_usd_max": 800000, "reported_loss_text": "ChainSwap's official post-mortem estimated total damage at around $800,000.", "reported_loss_assets": [ "unknown" ], "usd_valuation_date": "2021-07-02", "loss_amount_basis": "official ChainSwap post-mortem", "amount_confidence": "high", "amount_note": "The amount is an official estimate rather than an independently reconciled total.", "amount_claims": [ { "amount_text": "total damage", "amount_usd_text": "approximately $800,000", "source_id": "bir_src_000071", "basis": "official post-mortem estimate", "usd_valuation_date": "2021-07-02", "notes": "Canonical incident estimate." } ], "recovery_status": "partial_recovery", "reimbursement_status": "in_progress", "restart_status": "reopened", "current_outcome": "active_after_incident", "is_unresolved": true, "unresolved_reason": [ "The official post-mortem said full compensation was almost complete, but final completion is not established in this batch." ], "affected_chains": [ "ethereum", "bnb-chain", "unknown" ], "affected_assets": [ "unknown" ], "attack_vector_category": "cross_chain_contract_exploit", "postmortem_available": "full", "known_unknowns": [ "The final compensated amount and completion date remain unverified." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/chainswap-2021-july-2-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/chainswap/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000018", "bridge_id": "bir_bridge_000014", "slug": "chainswap-2021-july-10-quota-exploit", "previous_slugs": [], "redirect_from": [], "title": "ChainSwap July 10–11, 2021 quota exploit", "incident_date": "2021-07-10", "incident_date_precision": "day", "incident_type": "exploit", "summary": "A logic flaw in ChainSwap's cross-chain quota code allowed non-whitelisted addresses to increase bridge quota and affect 20 bridged assets. ChainSwap reported a combined value of approximately $4 million and took the bridge offline.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 3, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "Approximately $4 million", "reported_loss_usd": 4000000, "reported_loss_usd_min": 4000000, "reported_loss_usd_max": 4000000, "reported_loss_text": "ChainSwap's post-mortem described 20 affected assets with a combined value of approximately $4 million.", "reported_loss_assets": [ "unknown" ], "usd_valuation_date": "2021-07-10", "loss_amount_basis": "official ChainSwap post-mortem", "amount_confidence": "high", "amount_note": "The official post-mortem is used for the canonical total.", "amount_claims": [ { "amount_text": "20 assets affected", "amount_usd_text": "approximately $4 million", "source_id": "bir_src_000072", "basis": "official post-mortem estimate", "usd_valuation_date": "2021-07-10", "notes": "Canonical incident estimate." } ], "recovery_status": "none", "reimbursement_status": "in_progress", "restart_status": "reopened", "current_outcome": "active_after_incident", "is_unresolved": true, "unresolved_reason": [ "The team described compensation as mostly finished, but final completion for all affected projects and holders is not established." ], "affected_chains": [ "ethereum", "bnb-chain", "unknown" ], "affected_assets": [ "unknown" ], "attack_vector_category": "smart_contract_bug", "postmortem_available": "full", "known_unknowns": [ "The incident crossed July 10–11 UTC in official descriptions.", "Final compensation completion requires later review." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/chainswap-2021-july-10-quota-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/chainswap/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000019", "bridge_id": "bir_bridge_000015", "slug": "celer-cbridge-2022-dns-hijacking", "previous_slugs": [], "redirect_from": [], "title": "Celer cBridge 2022 DNS hijacking", "incident_date": "2022-08-17", "incident_date_precision": "day", "incident_type": "frontend_compromise", "summary": "A DNS cache-poisoning attack redirected some cBridge frontend users toward malicious smart contracts capable of draining approved tokens. Celer took the frontend offline, advised approval revocation, and restored it with additional monitoring.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 4, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "Approximately $240,000 reported", "reported_loss_usd": 240000, "reported_loss_usd_min": 240000, "reported_loss_usd_max": 240000, "reported_loss_text": "Contemporaneous reporting described approximately $240,000 in user losses from the malicious frontend redirection.", "reported_loss_assets": [ "unknown" ], "usd_valuation_date": "2022-08-17", "loss_amount_basis": "contemporaneous reporting based on Celer's incident updates", "amount_confidence": "medium", "amount_note": "The amount is qualified because no dedicated official reconciliation was located in this batch.", "amount_claims": [ { "amount_text": "frontend users redirected to malicious contracts", "amount_usd_text": "approximately $240,000", "source_id": "bir_src_000077", "basis": "contemporaneous incident reporting", "usd_valuation_date": "2022-08-17", "notes": "Qualified reported estimate." } ], "recovery_status": "none", "reimbursement_status": "announced", "restart_status": "reopened", "current_outcome": "active_after_incident", "is_unresolved": true, "unresolved_reason": [ "Celer committed to compensate affected users, but final completion and the reconciled amount are not established in this batch." ], "affected_chains": [ "ethereum", "unknown" ], "affected_assets": [ "unknown" ], "attack_vector_category": "frontend_or_dns_compromise", "postmortem_available": "partial", "known_unknowns": [ "The exact number of affected users and final compensated total require later source review." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/celer-cbridge-2022-dns-hijacking/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/celer-cbridge/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000020", "bridge_id": "bir_bridge_000016", "slug": "socket-2024-gateway-approval-exploit", "previous_slugs": [], "redirect_from": [], "title": "SOCKET 2024 Gateway approval exploit", "incident_date": "2024-01-16", "incident_date_precision": "day", "incident_type": "exploit", "summary": "An attacker used an incomplete input-validation path in the Socket Gateway contract to drain assets from Ethereum wallets that had granted approvals to the affected route. SOCKET paused the contracts, removed the route, restored service, and later reported recovering 1,032 ETH.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 5, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "Approximately $3.3 million", "reported_loss_usd": 3300000, "reported_loss_usd_min": 3300000, "reported_loss_usd_max": 3300000, "reported_loss_text": "Security analysis and contemporaneous reporting estimated approximately $3.3 million drained from approved wallets.", "reported_loss_assets": [ "usdc", "usdt", "unknown" ], "usd_valuation_date": "2024-01-16", "loss_amount_basis": "independent security analysis corroborated by contemporaneous reporting", "amount_confidence": "high", "amount_note": "The recovered 1,032 ETH is tracked separately and is not subtracted from the incident amount field.", "amount_claims": [ { "amount_text": "assets drained through the affected Socket Gateway route", "amount_usd_text": "approximately $3.3 million", "source_id": "bir_src_000082", "basis": "independent security analysis", "usd_valuation_date": "2024-01-16", "notes": "Canonical incident estimate." } ], "recovery_status": "partial_recovery", "reimbursement_status": "announced", "restart_status": "reopened", "current_outcome": "active_after_incident", "is_unresolved": true, "unresolved_reason": [ "SOCKET announced a recovery and distribution plan, but final distribution and reimbursement completion are not established in this batch." ], "affected_chains": [ "ethereum" ], "affected_assets": [ "usdc", "usdt", "unknown" ], "attack_vector_category": "cross_chain_contract_exploit", "postmortem_available": "partial", "known_unknowns": [ "The final fiat value distributed to affected users and completion date require later review." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/socket-2024-gateway-approval-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/socket-protocol/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000021", "bridge_id": "bir_bridge_000017", "slug": "pnetwork-2021-pbtc-bsc-exploit", "previous_slugs": [], "redirect_from": [], "title": "pNetwork 2021 pBTC-on-BSC exploit", "incident_date": "2021-09-19", "incident_date_precision": "day", "incident_type": "exploit", "summary": "A bug in pNetwork's Rust event-log extraction caused malicious peg-out requests to be processed on the pBTC-on-BSC bridge. The attacker stole 277 BTC collateral; other pTokens bridges were stopped and were not successfully drained.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 2, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "277 BTC", "reported_loss_usd": null, "reported_loss_usd_min": null, "reported_loss_usd_max": null, "reported_loss_text": "pNetwork's official postmortem reported that 277 BTC was stolen from collateral backing pBTC-on-BSC.", "reported_loss_assets": [ "btc" ], "usd_valuation_date": null, "loss_amount_basis": "official pNetwork postmortem", "amount_confidence": "high", "amount_note": "The canonical amount is retained in BTC rather than converted using a later fiat price.", "amount_claims": [ { "amount_text": "277 BTC stolen from pBTC-on-BSC collateral", "amount_usd_text": null, "source_id": "bir_src_000086", "basis": "official postmortem", "usd_valuation_date": null, "notes": "Canonical asset-denominated incident amount." } ], "recovery_status": "none_confirmed", "reimbursement_status": "announced", "restart_status": "partial_reopen", "current_outcome": "bridge_family_later_deprecated", "is_unresolved": true, "unresolved_reason": [ "The postmortem announced that compensation proposals would be developed, but final recovery and compensation completion are not established in this batch." ], "affected_chains": [ "bitcoin", "bnb-chain" ], "affected_assets": [ "btc" ], "attack_vector_category": "event_log_parsing_bug", "postmortem_available": "full", "known_unknowns": [ "Final compensation amount, recipients, and completion date remain unverified.", "The final disposition of the stolen BTC is not established here." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/pnetwork-2021-pbtc-bsc-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/pnetwork/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000022", "bridge_id": "bir_bridge_000017", "slug": "pnetwork-2022-pgala-misconfiguration", "previous_slugs": [], "redirect_from": [], "title": "pNetwork 2022 pGALA contract-control incident", "incident_date": "2022-11-03", "incident_date_precision": "day", "incident_type": "security_misconfiguration", "summary": "A deployment misconfiguration allowed covert takeover of the pGALA token contract on BNB Chain. pNetwork stopped processing pGALA bridge operations and performed an emergency whitehat drain of the PancakeSwap pool; the GALA collateral on Ethereum was not stolen from the bridge.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 4, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "No bridge collateral loss reported", "reported_loss_usd": 0, "reported_loss_usd_min": 0, "reported_loss_usd_max": 0, "reported_loss_text": "pNetwork stated that no funds were stolen from the GALA cross-chain bridge. Losses and disputes involving DEX pools and centralized exchanges are not treated as bridge collateral loss.", "reported_loss_assets": [ "gala" ], "usd_valuation_date": "2022-11-03", "loss_amount_basis": "official pNetwork postmortem", "amount_confidence": "high", "amount_note": "The 12,977 BNB collected by the whitehat operation is a recovery amount, not a stolen-fund amount.", "amount_claims": [], "recovery_status": "whitehat_recovery", "reimbursement_status": "announced", "restart_status": "token_replacement_planned", "current_outcome": "affected_token_deprecated", "is_unresolved": true, "unresolved_reason": [ "The announced redistribution of 12,977 BNB was delayed for legal and compliance reasons, and final distribution completion is not established in this batch." ], "affected_chains": [ "ethereum", "bnb-chain" ], "affected_assets": [ "gala", "bnb" ], "attack_vector_category": "contract_ownership_misconfiguration", "postmortem_available": "full", "known_unknowns": [ "Final whitehat-fund distribution is unverified.", "Exchange-specific user losses and remedies remain outside the bridge collateral calculation." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/pnetwork-2022-pgala-misconfiguration/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/pnetwork/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000023", "bridge_id": "bir_bridge_000018", "slug": "rainbow-bridge-2022-may-attack-attempt", "previous_slugs": [], "redirect_from": [], "title": "Rainbow Bridge May 2022 fabricated-block attack attempt", "incident_date": "2022-05-01", "incident_date_precision": "day", "incident_type": "attempted_exploit", "summary": "An attacker attempted to submit a fabricated NEAR block to the Rainbow Bridge light client on Ethereum. A watchdog challenged the submission before funds could be released, and no bridge or user funds were reported lost.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 2, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "No user-fund loss reported", "reported_loss_usd": 0, "reported_loss_usd_min": 0, "reported_loss_usd_max": 0, "reported_loss_text": "The attempted fabricated-block submission was challenged before funds were released. The attacker reportedly lost a 2.5 ETH bond.", "reported_loss_assets": [], "usd_valuation_date": "2022-05-01", "loss_amount_basis": "incident reporting based on the Aurora Labs CEO's public account", "amount_confidence": "high", "amount_note": "The attacker's forfeited 2.5 ETH bond is not bridge or user loss.", "amount_claims": [], "recovery_status": "not_required", "reimbursement_status": "not_applicable", "restart_status": "not_interrupted", "current_outcome": "attack_thwarted", "is_unresolved": false, "unresolved_reason": [], "affected_chains": [ "ethereum", "near" ], "affected_assets": [ "eth", "unknown" ], "attack_vector_category": "fabricated_light_client_block", "postmortem_available": "partial", "known_unknowns": [ "A dedicated long-form official postmortem was not located; the canonical account relies on the operator's public thread and contemporaneous reporting." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/rainbow-bridge-2022-may-attack-attempt/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/rainbow-bridge/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000024", "bridge_id": "bir_bridge_000018", "slug": "rainbow-bridge-2022-august-attack-attempt", "previous_slugs": [], "redirect_from": [], "title": "Rainbow Bridge August 2022 fabricated-block attack attempt", "incident_date": "2022-08-20", "incident_date_precision": "day", "incident_type": "attempted_exploit", "summary": "An attacker submitted a fabricated NEAR block to the Rainbow Bridge contract with a 5 ETH safe deposit. Automated watchdogs challenged the transaction in under approximately 31 seconds; no user funds were reported lost and the attacker forfeited the deposit.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 2, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "No user-fund loss reported", "reported_loss_usd": 0, "reported_loss_usd_min": 0, "reported_loss_usd_max": 0, "reported_loss_text": "The fabricated-block attempt was challenged before bridge funds were released. The attacker lost a 5 ETH safe deposit.", "reported_loss_assets": [], "usd_valuation_date": "2022-08-20", "loss_amount_basis": "contemporaneous reporting quoting the Aurora Labs CEO", "amount_confidence": "high", "amount_note": "The attacker's forfeited 5 ETH deposit is recorded separately and is not bridge or user loss.", "amount_claims": [], "recovery_status": "not_required", "reimbursement_status": "not_applicable", "restart_status": "not_interrupted", "current_outcome": "attack_thwarted", "is_unresolved": false, "unresolved_reason": [], "affected_chains": [ "ethereum", "near" ], "affected_assets": [ "eth", "unknown" ], "attack_vector_category": "fabricated_light_client_block", "postmortem_available": "partial", "known_unknowns": [ "A dedicated long-form official postmortem was not located; the canonical account relies on the operator's public thread and contemporaneous reporting." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/rainbow-bridge-2022-august-attack-attempt/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/rainbow-bridge/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000025", "bridge_id": "bir_bridge_000019", "slug": "synapse-2021-nusd-metapool-exploit", "previous_slugs": [], "redirect_from": [], "title": "Synapse 2021 nUSD metapool exploit", "incident_date": "2021-11-06", "incident_date_precision": "day", "incident_type": "exploit", "summary": "An attacker manipulated the Avalanche nUSD metapool virtual price by approximately 12.5% through a bug in the Saddle-derived metapool implementation. The attacker attempted to move approximately $8.2 million in nUSD through the bridge while validators were offline; the malicious transaction was not processed and affected liquidity providers were to be made whole.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 2, "last_reviewed_at": "2026-06-15", "last_verified_at": "2026-06-15", "is_major_incident": true, "reported_loss_usd_display": "No ultimate fund loss reported; approximately $8.2 million nUSD protected", "reported_loss_usd": 0, "reported_loss_usd_min": 0, "reported_loss_usd_max": 0, "reported_loss_text": "Synapse stated that no funds were ultimately lost because validators did not process the attacker's approximately $8.2 million nUSD bridge transaction.", "reported_loss_assets": [ "nusd" ], "usd_valuation_date": "2021-11-06", "loss_amount_basis": "official Synapse postmortem", "amount_confidence": "high", "amount_note": "Approximately $8.2 million is the protected malicious transfer amount, not realized user loss.", "amount_claims": [], "recovery_status": "funds_protected", "reimbursement_status": "in_progress", "restart_status": "reopened", "current_outcome": "active_after_incident", "is_unresolved": true, "unresolved_reason": [ "The official postmortem said Avalanche nUSD liquidity providers would be made whole, but final distribution completion is not independently established in this batch." ], "affected_chains": [ "avalanche", "unknown" ], "affected_assets": [ "nusd", "usdc", "unknown" ], "attack_vector_category": "metapool_virtual_price_bug", "postmortem_available": "full", "known_unknowns": [ "Final liquidity-provider distribution completion is unverified." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/synapse-2021-nusd-metapool-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/synapse-protocol/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000026", "bridge_id": "bir_bridge_000020", "slug": "nerve-bridge-2021-metapool-exploit", "previous_slugs": [], "redirect_from": [], "title": "Nerve Bridge 2021 metapool exploit", "incident_date": "2021-11-15", "incident_date_precision": "day", "incident_type": "metapool_exploit", "summary": "An attacker exploited an inconsistent exchange-amount calculation in Saddle-derived metapool code used by Nerve Bridge. BlockSec reported that the fUSDT and UST pools were drained and that the attacker gained approximately 900 BNB.", "confidence": "medium", "record_maturity": "reviewed", "update_status": "current", "source_count": 2, "last_reviewed_at": "2026-06-16", "last_verified_at": "2026-06-16", "is_major_incident": true, "reported_loss_usd_display": "Approximately 900 BNB attacker profit", "reported_loss_usd": null, "reported_loss_usd_min": null, "reported_loss_usd_max": null, "reported_loss_text": "BlockSec reported that the attacker exhausted the affected fUSDT and UST pool liquidity and gained approximately 900 BNB.", "reported_loss_assets": [ "bnb", "fusdt", "ust" ], "usd_valuation_date": null, "loss_amount_basis": "independent BlockSec technical analysis", "amount_confidence": "medium", "amount_note": "The canonical amount remains denominated in BNB because no reviewed official incident statement supplied a fixed fiat loss value.", "amount_claims": [ { "amount_text": "approximately 900 BNB attacker profit", "amount_usd_text": null, "source_id": "bir_src_000108", "basis": "BlockSec technical analysis", "usd_valuation_date": null, "notes": "Attacker profit and exhausted pool liquidity are not assumed to be identical accounting measures." } ], "recovery_status": "unknown", "reimbursement_status": "unknown", "restart_status": "unknown", "current_outcome": "protocol_active_after_incident", "is_unresolved": true, "unresolved_reason": [ "A stable official postmortem, reimbursement statement, and final pool-restoration outcome were not located in the reviewed sources." ], "affected_chains": [ "bnb-chain", "nerve-network" ], "affected_assets": [ "fusdt", "ust", "bnb" ], "attack_vector_category": "metapool_exchange_amount_calculation_bug", "postmortem_available": "none", "known_unknowns": [ "The exact user-loss allocation and final reimbursement outcome remain unverified.", "The exact restart date for the affected pools was not established." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/nerve-bridge-2021-metapool-exploit/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/nerve-network/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" }, { "id": "bir_inc_000027", "bridge_id": "bir_bridge_000021", "slug": "holograph-2024-unauthorized-hlg-mint", "previous_slugs": [], "redirect_from": [], "title": "Holograph 2024 unauthorized HLG mint", "incident_date": "2024-06-13", "incident_date_precision": "day", "incident_type": "unauthorized_token_mint", "summary": "A malicious actor exploited the Holograph Operator contract and minted one billion additional HLG tokens on Mantle. The team patched the initial exploit, temporarily locked the protocol, coordinated account freezes, and announced a staged burn plan and external investigation.", "confidence": "high", "record_maturity": "reviewed", "update_status": "current", "source_count": 5, "last_reviewed_at": "2026-06-16", "last_verified_at": "2026-06-16", "is_major_incident": true, "reported_loss_usd_display": "1 billion HLG unauthorized mint; realized loss not fixed", "reported_loss_usd": null, "reported_loss_usd_min": null, "reported_loss_usd_max": null, "reported_loss_text": "The incident created one billion unauthorized HLG. Contemporary fiat valuations varied with the rapidly falling token price and do not establish a single realized protocol or user loss.", "reported_loss_assets": [ "hlg" ], "usd_valuation_date": null, "loss_amount_basis": "official incident statement quoted by contemporaneous reporting", "amount_confidence": "high", "amount_note": "Unauthorized supply, tokens sold, tokens frozen, and tokens burned are separate quantities.", "amount_claims": [ { "amount_text": "1 billion unauthorized HLG minted", "amount_usd_text": "approximately $14.4 million at the pre-collapse quoted price in some reporting", "source_id": "bir_src_000113", "basis": "contemporaneous reporting quoting Holograph and market data", "usd_valuation_date": "2024-06-13", "notes": "The fiat figure is not used as canonical realized loss." } ], "recovery_status": "partial_freeze_and_burn_plan", "reimbursement_status": "not_announced", "restart_status": "protocol_locked_then_partial_reopen", "current_outcome": "historical_protocol_inactive", "is_unresolved": true, "unresolved_reason": [ "Completion of the announced one-billion-HLG burn plan was not established.", "The final quantity sold, frozen, recovered, or permanently removed remains unresolved in the reviewed evidence." ], "affected_chains": [ "mantle", "ethereum", "unknown" ], "affected_assets": [ "hlg" ], "attack_vector_category": "privileged_operator_contract_access", "postmortem_available": "partial", "known_unknowns": [ "The final Halborn report URL was not located in stable official documentation.", "The relationship between the historical omnichain protocol and the current same-domain trading terminal is not established as a canonical successor." ], "conflicting_claims": [], "duplicate_of": null, "merged_into": null, "split_from": null, "split_reason": null, "canonical_page_url": "https://bridge-incident-registry.pages.dev/incident/holograph-2024-unauthorized-hlg-mint/", "bridge_page_url": "https://bridge-incident-registry.pages.dev/bridge/holograph-protocol/", "canonical_data_url": "https://bridge-incident-registry.pages.dev/data/incidents.json" } ]