Cross-chain Bridge Thefts Top $1B in 2022

The lost funds illuminate a systemic lack of security among bridge protocols

by Jack Kubinec /
article-image

Blockworks exclusive art by axel Rangel

share

key takeaways

  • Few DeFi companies employ dedicated security personnel
  • Industry experts believe bridges will become more secure as DeFi matures

As investment in cryptocurrency grows, so does the incentive for criminal actors to exploit the DeFi (decentralized finance) space. Cross-chain bridge hacks have been the weapon of choice for crypto thieves in 2022. Bridge hacks have accounted for more than a billion dollars in stolen funds this year, according to research from blockchain analytics and compliance firm Elliptic.

Cross-chain bridges allow assets to be moved between different blockchain protocols, meaning the networks contain a large concentration of crypto assets. The recent string of bridge attacks has caused some industry leaders to question whether the benefits of bridges outweigh their risks. A top analyst at Elliptic believes bridge hacks are just growing pains that DeFi will eventually surmount.

Harmony, Sky Mavis, and Wormhole all suffered blockchain exploits exceeding $100 million this year. Mudit Gupta, Chief Information Security Officer at Polygon, believes bridge insecurity is an industry-wide problem.

Newsletter

Subscribe to Blockworks Daily

“Most of the hacks are happening due to companies not having proper security experts and not knowing what to do themselves,” Gupta said in a Twitter DM. “There are very few DeFi companies with [dedicated] security personnel.”

DeFi protocols have proliferated rapidly in the past six years, but security infrastructure has not kept up with the now over-$900 billion industry. For this reason, hacks totaling in the hundreds of millions are not surprising. 

On April 1, a trader tweeted their concern that a major Harmony Horizon Bridge exploit would only require a hacker to obtain two of the protocol’s five validator keys. In June, that exact scenario occurred — and Harmony was ransacked for $100 million.

Loading Tweet..

Vitalik Buterin, co-founder of Ethereum, believes cross-chain bridges are inherently prone to security breaches.

“The fundamental security limits of bridges are actually a key reason why…I am pessimistic about cross-chain applications,” Buterin wrote in a lengthy January Reddit post. The influential founder went on to express his belief that assets should be held in the same blockchain ecosystem, rather than shuffled between chains.

Tara Annison, Head of Technical Crypto Advisory at the crypto research firm Elliptic, disagrees.

“We’re not going to live in a single chain world,” Annison said. It will always be necessary to move assets between blockchains, so “we shouldn’t characterize bridges in general as bad just because some have been hacked.”

Annison believes bridge hacks are caused by the concentration of value within cross-chain bridges, not by the bridges themselves.

“If you think of wars, you try to bomb bridges to stop goods and services moving across,” Annison said. Recent cross-chain bridge hacks are not happening “because bridges are inherently weak infrastructure, it’s because they have a concentration of value.”

Annison believes that all crypto assets come with risk, and bridges are just the risk “flavor of the month” following stablecoins in May and NFTs before that. Bridges should become more secure as protocols become more technologically mature.

It remains to be seen if market participants agree.

Sky Mavis’ Ronin Bridge, which was compromised for $625 million in April, reopened this morning. Close to $9 million in assets have already left the chain, according to Messari.

Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
  • Supply Shock: Tracking Bitcoin’s rise from internet plaything worth less than a penny to global phenomenon disrupting money as we know it.
Tags

Upcoming Events

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy ticketslearn more

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Research Report Templates.jpg

Research

Evaluating Bluefin’s Precarious Market Position

Bluefin possibly stands at an inflection point. The token is near an all-time low yet the protocol’s spot volume market share and derivatives exchange usage have been increasing month over month since its November launch. Given its current market position and the upcoming upgrades (for both Bluefin and SUI), there may be upside potential before the increased supply growth in December. However, strong opposition from existing competitors (like Cetus and Suilend), as well as new entrants (like Aftermath), pose key challenges to Bluefin’s medium-term success.

by Marc-Thomas Arjoon, CFA

/

news

article-image

Policy

Trump’s SEC pick grilled on past agency actions, conflicts of interest 

Top Committee Democrat Sen. Elizabeth Warren in her opening statement accused Atkins of “helping billionaire CEOs like Sam Bankman-Fried”

by Casey Wagner /
article-image

0xResearch NewsletterDeFi

COTI launches V2 mainnet: A new era of privacy-focused L2 solutions

Introducing garbled circuits for enhanced privacy and regulatory compliance

by Donovan Choy /
article-image

AnalysisSupply Shock

How Silk Road carved the fault line that separates ‘bitcoin’ and ‘crypto’

Ross Ulbricht was a freedom maximalist building freedom tech, powered by Bitcoin

by David Canellis&Pete Rizzo /
article-image

DeFiLightspeed Newsletter

Solana startups spin up validators for revenue and ‘soft power’

Solana validators can reap benefits including payments, votes and community clout

by Jack Kubinec /
article-image

Sponsored

WCT’s Role in the Onchain Economy

WalletConnect is cementing itself as the essential connectivity layer, ensuring wallets remain the entry point for billions of users

article-image

Business

Galaxy to pay $200M to New York over alleged LUNA manipulation

According to a legal filing, Galaxy Digital helped boost the price of LUNA while quietly selling its tokens

by Katherine Ross /