Cross-Chain Bridges Suffer $2.5B-$2.8B in Hacks Over Last Year
In the last 12 months, cross-chain bridges have been exploited for an estimated $2.5 billion to $2.8 billion, highlighting persistent security vulnerabilities. These ongoing risks are shaping user behavior, with many traders preferring larger, more established bridges despite higher fees. The analysis suggests that security remains a primary challenge as liquidity continues to migrate between Base, Ethereum, and other L2 ecosystems.
- The 2022 Ronin Bridge hack, one of the largest in DeFi history, saw attackers steal approximately $625 million in ETH and USDC. The exploit was a result of compromised private keys, which allowed attackers to forge withdrawals. The U.S. Treasury later attributed the attack to the North Korean Lazarus Group.
- In the Nomad bridge exploit of August 2022, a vulnerability in a smart contract update allowed attackers to drain over $190 million. The flaw made it possible for transactions to be approved without proper validation, leading to a chaotic, "crowdsourced" looting of the bridge's funds.
- The Wormhole bridge was exploited for over $320 million in February 2022 due to a smart contract vulnerability that allowed the attacker to mint 120,000 wETH on the Solana blockchain without backing. Jump Crypto, Wormhole's parent company, stepped in to replace the stolen funds and back the wETH 1:1, preventing a wider ecosystem collapse.
- Common vulnerabilities in cross-chain bridges include insecure private key management, unaudited smart contracts, and centralization risks where a small number of validators can approve transactions. These design flaws create single points of failure, making bridges a prime target for hackers.
- In response to these persistent security issues, newer cross-chain interoperability protocols like LayerZero and Chainlink's CCIP are gaining traction. They aim to offer more secure and flexible alternatives to traditional bridge models, with LayerZero focusing on speed and customizability, while CCIP prioritizes security through its established oracle network.
- The BNB Chain's cross-chain bridge, BSC Token Hub, was exploited in October 2022 for approximately $566 million. Attackers exploited a bug in the bridge's proof verification system, allowing them to mint 2 million new BNB tokens.
- The Poly Network hack in August 2021, while one of the largest at $612 million, had an unusual outcome. The attacker, who claimed to have done it "for fun," eventually returned most of the stolen funds after negotiations with the Poly Network team.