After Latest Crypto Bridge Hack, Industry Participants Call for Tighter Security

After the Nomad crypto bridge lost more than $190 million to hackers this week, industry participants say bridges must step up security measures, following an embarrassing rash of exploits this year

article-image

Source: Shutterstock

share

key takeaways

  • Bridge protocols are popular targets for hackers as the blockchain-to-blockchain solutions grow in popularity and usage
  • Web3-oriented protocols may need to begin deploying tried-and-true Web2 cybersecurity measures, a specialist told Blockworks

In 2022’s latest hack of a crypto bridge, Nomad lost a substantial sum in a hack made possible by a routine upgrade that allowed nefarious actors to skip verification messages and steal more than $190 million

Crypto bridges enable transactions between different blockchains without a third-party to facilitate the exchange. The Nomad hack is now the third-largest bridge hack this year behind Wormhole, where hackers drained $325 million in February, and Ronin, where $625 million was stolen from its blockchain in March.

The Nomad hack was an implementation bug that didn’t stem from transactions going awry, said Dmitriy Berenzon, a research partner from early-stage token fund 1KX.

“The attack didn’t come from transactions that went over the bridge, it’s an exploit of the contracts on Ethereum — it’s more issues in the code itself, rather than the theoretical security model,” Berenzon told Blockworks. “This is unlike the other hacks we’ve seen where the actual Root of Trust (RoT) is compromised.”

Cryptographic systems depend on RoT to secure operations. A compromised RoT implies that the keys to encrypt and decrypt data on the hardware are broken.

Blockchain bridges have become popular targets for crypto-savvy hackers, namely because of the complexity of their underlying smart contracts. Such vulnerabilities have drawn criticism from the likes of Ethereum founder Vitalik Buterin who previously said bridges have “fundamental security limits” that make him pessimistic about ​​cross-chain applications.

“The scariest part about bridged assets is the domino effects in the unhappy case,” Berenzon said. “Assets are used and integrated into different protocols, and if there is an issue with one bridge, it can get wrapped into another bridge — so, you have a cascading systemic risk that is potentially hard to unwind.”

An example of asset integration would be if you had ether that you want to switch to Polygon to leverage its cheaper gas fees — you would send your ETH to a bridge address on an Ethereum blockchain. Once your deposit is received, your ETH will become “wrapped,” making it compatible with Polygon and easier for you to perform transactions on the layer-2 network. 

It’s impossible to mitigate risk completely, Berenzon said — but minimizing loopholes as bridges grow in usage is paramount. 

Hugh Brooks, a product director at blockchain security firm CertiK, said bridges are going to take on an increasingly larger role as developers, envisioning a multichain future, are no longer content to build on a single blockchain.

Rather, Brooks said, the Web3 ecosystem ought to benignly deploy Web2 cybersecurity attitudes.

“We need to have a full security mindset and to be testing at each step of the way,” Brooks told Blockworks. “If [Nomad] had a response team in place to respond to the hacks, they might have been able to shut it down or execute a hack themselves to prevent others from taking that money. Although there were white hackers who did intervene, you’re not always going to be able to rely on the community for these kinds of incidents.”


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Research Report Templates (19).png

Research

Suilend has grown into the top money market and liquid staking provider on Sui. STEAMM, Suilend’s Superfluid AMM, presents a compelling avenue for growing market share within Sui’s DEX landscape and revenue generation for the protocol. Suilend’s multi-product suite position it well for owning market share across key verticals. While current metrics across the Sui ecosystem are likely inflated due to Sui Foundation incentive programs, SEND trades at amongst the lowest multiples in the lend/borrow sector, suggesting that a bull case for continued growth in the ecosystem may be mispriced.

article-image

The stablecoin issuer now plans to offer 32 million Class A common stock shares at a price of up to $28 each

article-image

Let’s go whale watching, Bitcoin style: Investigating the mysterious “12ib7” wallet now worth $3.2 billion

article-image

Bitget’s L2 is undergoing a leadership change and will be helmed by Colin Goltra, formerly the blockchain’s chief growth officer

article-image

The funding was spread out across 61 rounds, a slight dip in both number of rounds and total funding in comparison to other months

article-image

Why is it controversial to say things are better than they used to be?