English

BRC20 Pinning Attack

Cryptography and Security 2025-06-06 v3 Computational Engineering, Finance, and Science Emerging Technologies

Abstract

BRC20 tokens are a type of non-fungible asset on the Bitcoin network. They allow users to embed customised content within Bitcoin's satoshis. The token frenzy reached a market size of US$2.811\,b (2023Q3--2025Q1). However, this intuitive design has not undergone serious security scrutiny. We present the first analysis of BRC20's \emph{transfer} mechanism and identify a new attack vector. A typical BRC20 transfer involves two "bundled" on-chain transactions with different fee levels: the first (i.e., \textbf{Tx1}) with a lower fee inscribes the \textsf{transfer} request, while the second (i.e., \textbf{Tx2}) with a higher fee finalizes the actual transfer. An adversary can send a manipulated fee transaction (falling between the two fee levels), which causes \textbf{Tx1} to be processed while \textbf{Tx2} is pinned in the mempool. This locks BRC20 liquidity and disrupts normal withdrawal requests from users. We term this the \emph{BRC20 pinning attack}. We validated the attack in real-world settings in collaboration with Binance researchers. With their knowledge and permission, we conducted a controlled test against Binance's ORDI hot wallet, resulting in a temporary suspension of ORDI withdrawals for 3.5 hours. Recovery was performed shortly after. Further analysis confirms that the attack can be applied to over \textbf{90\%} of inscription-based tokens within the Bitcoin ecosystem.

Keywords

Cite

@article{arxiv.2410.11295,
  title  = {BRC20 Pinning Attack},
  author = {Minfeng Qi and Qin Wang and Zhipeng Wang and Lin Zhong and Zhixiong Gao and Tianqing Zhu and Shiping Chen and William Knottenbelt},
  journal= {arXiv preprint arXiv:2410.11295},
  year   = {2025}
}
R2 v1 2026-06-28T19:22:05.382Z