Since September 2020, cross-chain protocols have become increasingly attractive to cybercriminals. They account for about 50% of all attacks on the DeFi sector.
According to Token Terminal, hackers have stolen over $2.5 billion in the past two years by exploiting cross-chain bridge vulnerabilities. That amount is roughly half of all the money stolen from the DeFi sector over that period.
Notably, Chainalysis’ latest report showed that hackers managed to steal $2 billion from various cross-chain protocols in 2022. Hence, 80% of successful attacks on cross-chain bridges took place this year.
Mitchell Amador, DeFi Security Expert and CEO of Immunefi, believes the growing popularity of cross-chain bridges draws the attention of cybercriminals. Cross-chain protocols have enabled users to move digital assets from one chain to another, but the complexity of their creation and lack of developer experience result in vulnerabilities exploited by hackers.
The biggest attacks on cross-chain bridges this year were:
- Ronin Network with $624 million;
- Horizon Bridge with about $100 million;
- BSC Token Hub with over $100 million.
However, the popularity of cross-chain bridges has a downside for attackers. The community is actively following the technology, and it’s getting harder for attackers to stay undetected. For example, the other day, a hacker tried to exploit a vulnerability in the BitBTC cross-chain bridge on Optimism, an Ethereum-based layer 2 scaling solution. But a protocol user discovered the vulnerability and prevented the exploit by posting the information on Twitter.
The attacker took advantage of a bug in the bridge code. It allowed them to mint fake tokens on the L1 side and later exchange them for real tokens on the L2 side. The exchange would have taken about seven days. Thanks to the careful attention of Lee Bousfield, Arbitrum’s Tech Lead, the cybercriminal’s intentions were detected, and the project team had enough time to fix the error.
According to some experts, cross-chain protocol technologies must undergo a series of exploits before developers can gain enough experience to protect them. This also applies to other projects in the DeFi market, as the sector remains the most vulnerable to hacker attacks.