Cross-chain Bridge Thefts Top $1B in 2022

The lost funds illuminate a systemic lack of security among bridge protocols

article-image

Blockworks exclusive art by axel Rangel

share

key takeaways

  • Few DeFi companies employ dedicated security personnel
  • Industry experts believe bridges will become more secure as DeFi matures

As investment in cryptocurrency grows, so does the incentive for criminal actors to exploit the DeFi (decentralized finance) space. Cross-chain bridge hacks have been the weapon of choice for crypto thieves in 2022. Bridge hacks have accounted for more than a billion dollars in stolen funds this year, according to research from blockchain analytics and compliance firm Elliptic.

Cross-chain bridges allow assets to be moved between different blockchain protocols, meaning the networks contain a large concentration of crypto assets. The recent string of bridge attacks has caused some industry leaders to question whether the benefits of bridges outweigh their risks. A top analyst at Elliptic believes bridge hacks are just growing pains that DeFi will eventually surmount.

Harmony, Sky Mavis, and Wormhole all suffered blockchain exploits exceeding $100 million this year. Mudit Gupta, Chief Information Security Officer at Polygon, believes bridge insecurity is an industry-wide problem.

“Most of the hacks are happening due to companies not having proper security experts and not knowing what to do themselves,” Gupta said in a Twitter DM. “There are very few DeFi companies with [dedicated] security personnel.”

DeFi protocols have proliferated rapidly in the past six years, but security infrastructure has not kept up with the now over-$900 billion industry. For this reason, hacks totaling in the hundreds of millions are not surprising. 

On April 1, a trader tweeted their concern that a major Harmony Horizon Bridge exploit would only require a hacker to obtain two of the protocol’s five validator keys. In June, that exact scenario occurred — and Harmony was ransacked for $100 million.

Loading Tweet..

Vitalik Buterin, co-founder of Ethereum, believes cross-chain bridges are inherently prone to security breaches.

“The fundamental security limits of bridges are actually a key reason why…I am pessimistic about cross-chain applications,” Buterin wrote in a lengthy January Reddit post. The influential founder went on to express his belief that assets should be held in the same blockchain ecosystem, rather than shuffled between chains.

Tara Annison, Head of Technical Crypto Advisory at the crypto research firm Elliptic, disagrees.

“We’re not going to live in a single chain world,” Annison said. It will always be necessary to move assets between blockchains, so “we shouldn’t characterize bridges in general as bad just because some have been hacked.”

Annison believes bridge hacks are caused by the concentration of value within cross-chain bridges, not by the bridges themselves.

“If you think of wars, you try to bomb bridges to stop goods and services moving across,” Annison said. Recent cross-chain bridge hacks are not happening “because bridges are inherently weak infrastructure, it’s because they have a concentration of value.”

Annison believes that all crypto assets come with risk, and bridges are just the risk “flavor of the month” following stablecoins in May and NFTs before that. Bridges should become more secure as protocols become more technologically mature.

It remains to be seen if market participants agree.

Sky Mavis’ Ronin Bridge, which was compromised for $625 million in April, reopened this morning. Close to $9 million in assets have already left the chain, according to Messari.


Don’t miss the next big story – join our free daily newsletter.

Tags

Upcoming Events

HYATT REGENCY SALT LAKE CITY

TUES, OCT. 8, 2024

Guided by the expertise of Blockworks Research Analysts team, this one day event will feature senior leaders, entrepreneurs, and developers from across the crypto industry. Attendees will have the opportunity to participate in an immersive experience to explore the latest trends, […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

hivemapper.jpeg

Research

We believe crypto market participants overlook Hivemapper’s fundamental potential due to a poor understanding of both the niche map data market and Hivemapper’s positioning relative to incumbents. Hivemapper’s token model catalyzes both a cost and product advantage via unmatched map freshness and near real-time accuracy, which is its wedge into a market characterized by stale data and high data collection costs. Its current and potential future product suite may represent one of the strongest possibilities for PMF in crypto today.

article-image

👨‍⚖️ SBF’s courtroom sequel: Plus, Coinbase’s legal loss was DeFi’s gain

article-image

Public mining companies have been acquiring sites, refreshing machine fleets and diversifying business models in preparation for the event

article-image

Exploit shows centralization can sometimes be an asset

article-image

The Fidelity Ethereum Fund, like other proposed ETH ETFs, seeks to stake a portion of its assets, according to the firm’s Wednesday registration statement

article-image

The DAO first voted on enabling SAFE transfers over a year ago