Hackers Tap Cross-Chain Bridges Vulnerabilities; Whopping US$2B Worth of Crypto Stolen So Far

Hackers and cybercriminals are exploiting vulnerabilities found in cross-chain bridge protocols to steal billions of dollars worth of cryptocurrency from smart wallets and contracts, says a new report from blockchain analytics firm Chainalysis.

A total of 13 different cross-chain bridge hacks have been recorded so far, which have earned criminals around $ 2 billion, according to the company. Most of these attacks took place this year, showing that the trend is proliferating and becoming a major security risk in the cryptocurrency industry.

Bridge attacks so far account for 69% of total funds stolen in 2022, totaling approximately $ 1.4 billion, Chainalysis estimates. The biggest single event was the $ 615 million loot stolen from the Ronin Bridge in March 2022. Ronin is an Ethereum sidechain developed for the popular non-fungible token game (NFT) Axie Infinity.


Another big heist this year was the $ 320 million hacking of Wormhole in February. Wormhole is one of the most popular bridges connecting Ethereum and Solana, allowing users to move their tokens and NFTs from one blockchain to another.

And just last month, attackers drained the Nomad cross-chain bridge token bridge of nearly $ 200 million worth of cryptocurrencies. Nomad, which presented itself as safer than competing bridges, closed an initial funding round of $ 22.4 million in July with a valuation of $ 225 million. Advocates included Coinbase’s venture capital (VC) arm and the OpenSea NFT marketplace.

Quarterly value stolen in breach and share of all breached value stolen by bridge protocols, Source: Chainalysis, August 2022

Quarterly value stolen in breach and share of all breached value stolen by bridge protocols, Source: Chainalysis, August 2022

Cross-chain bridges are protocols that allow the user to transfer digital assets and data from one blockchain to another. Their design and specificities vary, but most of the protocols on the market right now work by “wrapping” the tokens in a smart contract and issuing native assets to be used on the other blockchain.

Wrapped BTC (wBTC), for example, is an ERC-20 token on the Ethereum blockchain that uses bitcoin as collateral. Users must first send BTC to a “trader”, who then initiates the minting of new wBTC tokens. These tokens are then sent to the user who can use them on the Ethereum network to interact with Ethereum-based decentralized apps (DApps) and other services.

To redeem BTC for wBTC, the trader initiates a “burn transaction” in which the wBTC tokens are permanently withdrawn from circulation and the user receives the equivalent amount of BTC in return.

Because cross-chain bridges essentially function as liquidity providers, raising funds and locking them in a central point of storage, they have become an attractive target for criminals.

Chainalysis estimates that North Korea-linked hackers have stolen around $ 1 billion worth of cryptocurrency so far this year, entirely from bridge and other decentralized protocols.

Cross-chain bridges became popular last year due to the surge in cryptocurrency trading activity. During the market frenzy between late 2021 and early 2022, the total valued locked (TVL) in the Ethereum bridges crossed the $ 20 billion mark, increasing more than 28 times from $ 700 million. TVL recorded in May 2021, data compiled by Dmitriy Berenzon, a research partner of blockchain angel fund 1kx, shows.

According to Dezentralizedfinance.com, a platform that provides NFT and DeFi data and analysis, around 75 cross-chain bridges are currently in operation here.

Cross-Chain Bridge Map, Source: Dezentralizedfinance.com, May 2022

Cross-Chain Bridge Map, Source: Dezentralizedfinance.com, May 2022

Featured image credit: edited by freepik

Friendly print, PDF and email

Leave a Comment