Bridge Incident Registry
Incident case

Meter Passport 2022 false-deposit exploit

An attacker directly called a modified ERC-20 deposit handler that failed to verify the transaction value, enabling unbacked BNB and WETH minting and withdrawal of bridge reserves across multiple networks.

reviewedcurrent

Incident facts

Incident title
Meter Passport 2022 false-deposit exploit
Bridge
Meter Passport
Incident date
2022-02-05
Incident type
Exploit
Major incident
Yes
Affected chains
Meter, Ethereum, BNB Chain, Unknown
Affected assets
BNB, WETH
Attack category
Smart Contract Bug
Reported loss
$4.25 million official estimate; about $4.4 million secondary estimate
Recovery
Unknown
Reimbursement
In Progress
Restart
Reopened
Current outcome
Active After Incident
Resolution
Unresolved
Last reviewed
2026-06-15
Last verified
2026-06-15

Timeline events

  • Meter Passport false-deposit exploit disclosed2022-02-05

    Meter identified unauthorized minting and reserve depletion affecting BNB and WETH representations across connected networks.

    Exploit DisclosedHigh

  • Postmortem and compensation plan published2022-02-18

    Meter documented the false-deposit flaw and proposed PASS-token liabilities representing $4.25 million in compensation claims.

    Postmortem And Compensation PlanHigh

  • PASS compensation tokens distributed2022-04-03

    Meter updated the postmortem to state that PASS liability tokens had been distributed to affected users under the approved compensation structure.

    Compensation Instrument DistributedHigh

  • Audited Meter Passport v1.5 went live2022-10-10

    Meter reported that an audited replacement version of Meter Passport had gone live after the exploit response and redesign work.

    Bridge UpgradeHigh

Evidence records

Known unknowns