Report: Half of all DeFi exploits are cross-bridge hacks

Published at: Oct. 19, 2022

According to a new report by crypto data aggregator Token Terminal, approximately 50% of exploits in decentralized finance, or DeFi, occur on cross-chain bridges. In two years' time, more than $2.5 billion has been stolen by hackers exploiting vulnerabilities on cross-chain bridges. The amount is enormous in comparison to other security breaches, such as DeFi lending hacks ($718 million) and decentralized exchange exploits ($362 million) in that period.

Bridge exploits account for ~50% of all DeFi exploits, totaling ~$2.5B in lost assets. These hacks can typically be attributed to smart contract loopholes (e.g. Wormhole & Nomad) or compromised private keys (e.g. Ronin & Harmony). What will it take to create secure bridges? pic.twitter.com/LrVf0W0zeK

— Token Terminal (@tokenterminal) October 18, 2022

Cross-chain bridges, which allow users to port digital assets from one chain to another, are known for their ability to solve multi-chain scaling issues. However, their complexity to build and subsequently audit, combined with massive amounts of funds locked in their smart contracts, has attracted much attention from hackers.

Security experts, such as Immunefi's CEO Michael Amador, explain that some developers in the DeFi space are simply lacking the necessary knowledge to build such complex mechanisms:

"Many developers launch projects by simply copying and pasting code from other projects. When one of these projects has a vulnerability, others usually have that vulnerability as well. Open source smart contracts, being visible and accessible to all, can easily attract blackhats who study them, discover where they're vulnerable, and exploit them."

It also appears that the vast majority of the cross-chain exploits thus far took place on Ethereum Virtual Machine (EVM) blockchains. This includes this year's most serious incidents, such as the Axie Infinity Ronin bridge hack, the Wormhole token bridge hack, and the Nomad bridge hack.

Meanwhile, cross-chain bridges based on the Cosmos Interblockchain Communications protocol (IBC), which has surpassed $1 billion in total value locked, have largely avoided the brunt of the attacks. However, last week, Cosmos co-founder Ethan Buchman said that a major security vulnerability was discovered on IBC after security audits. The exploit has been patched, and no funds were lost as a result of the incident.
