Allbridge Core 2023 BNB Chain pool exploit
Attackers used flash-loan-funded deposits, withdrawals, and swaps to exploit flawed liquidity-accounting logic in Allbridge Core's BUSD and USDT pools on BNB Chain.
Incident facts
- Incident title
- Allbridge Core 2023 BNB Chain pool exploit
- Bridge
- Allbridge Core
- Incident date
- 2023-04-02
- Incident type
- Exploit
- Major incident
- Yes
- Affected chains
- BNB Chain
- Affected assets
- BUSD, USDT
- Attack category
- Liquidity Or Accounting Failure
- Reported loss
- Approximately $650,000 official postmortem; about $573,000 initial estimate
- Recovery
- Partial Recovery
- Reimbursement
- Completed
- Restart
- Reopened
- Current outcome
- Active After Incident
- Resolution
- Final outcome known
- Last reviewed
- 2026-06-15
- Last verified
- 2026-06-15
Timeline events
Allbridge Core BNB Chain pool exploit disclosed2023-04-02
Allbridge shut down bridge operations after attacks manipulated its BUSD and USDT pool accounting on BNB Chain.
First attacker returned 1,500 BNB2023-04-03
An attacker accepted white-hat terms and returned 1,500 BNB, representing most of the initially reported loss.
Compensation plan announced2023-04-04
Allbridge said affected bridge users and liquidity providers would be compensated, beginning with transactions stuck during the emergency shutdown.
Allbridge Core relaunch and contract changes documented2023-05-30
Allbridge documented the redesigned pool logic, contract redeployment, recovery payments, and the return of Allbridge Core service.
Evidence records
- Allbridge Core Updates Following the RelaunchAllbridge · Tier 1 · 2023-05-30
- Compensation Plan AnnouncementAllbridge · Tier 1 · 2023-04-04
- Allbridge exploiter returns most of the $573K stolen in attackCointelegraph · Tier 2 · 2023-04-04
Known unknowns
- The exact unrecovered remainder after bounties and recovery payments is not itemized in this seed record.