Bridges are Fragile: Exploring the Top 5 Hacks

Written By Tim Jones

The cryptocurrency world has witnessed several devastating bridge hacks, where attackers have exploited vulnerabilities in cross-chain bridges — technologies designed to transfer assets between different blockchain networks. These incidents have led to massive financial losses, undermining trust in these protocols.

The most notable recent attack was on the Orbit Chain bridge Hack, where attackers stole approximately $81 million in August 2024. This hack exploited vulnerabilities in the bridge’s infrastructure, which allowed the attackers to siphon off funds and route them through a cryptocurrency mixer to cover their tracks.

Below are the five worst bridge hacks in the history of crypto:

1. Ronin Bridge Hack (March 2022)

Loss: $620 million (173,600 ETH and 25.5 million USDC)

Overview: The Ronin Bridge, which connected the Ethereum blockchain with Axie Infinity’s Ronin sidechain, was compromised when attackers gained control of five of the nine validator nodes required to authorize withdrawals. The exploit went unnoticed for six days, allowing the attackers to drain hundreds of millions in assets.

Impact: This is the largest DeFi hack to date, significantly impacting Axie Infinity’s ecosystem and forcing the project to seek external funding to reimburse affected users.

2. Poly Network Hack (August 2021)

Loss: $611 million (Later returned)

Overview: Poly Network, a protocol enabling cross-chain transactions, suffered a massive breach when an attacker exploited a vulnerability in the network’s smart contract. The hacker managed to steal assets across multiple blockchains, including Ethereum, Binance Smart Chain, and Polygon.

Impact: The hacker, later identified as a “white hat,” returned the funds after a week of negotiations with Poly Network, but the incident highlighted critical security flaws in cross-chain bridges.

3. Wormhole Bridge Hack (February 2022)

Loss: $325 million (120,000 ETH)

Overview: The Wormhole Bridge, a cross-chain protocol between Ethereum and Solana, was exploited when the attacker found a bug that allowed them to mint wrapped Ethereum (wETH) on the Solana side without depositing the corresponding Ethereum. The hacker then redeemed these wETH tokens for ETH, draining $325 million.

Impact: This hack shook the Solana ecosystem and emphasized the risks of bridging assets between blockchains. Jump Crypto, the parent company, covered the loss to maintain confidence in the platform.

4. Nomad Bridge Hack (August 2022)

Loss: $190 million

Overview: Nomad Bridge, facilitating cross-chain transactions, was exploited due to a flaw in a recent update that allowed anyone to withdraw funds from the bridge by simply altering the transaction parameters. This led to a free-for-all, with multiple users draining the bridge’s funds.

Impact: This hack demonstrated how even minor code changes could have catastrophic consequences, resulting in one of the most chaotic and decentralized thefts in DeFi history.

5. Harmony Horizon Bridge Hack (June 2022)

Loss: $100 million

Overview: Harmony’s Horizon Bridge, which allowed asset transfers between Ethereum, Binance Smart Chain, and Harmony, was compromised when hackers accessed the private keys of the bridge’s multisig wallet. With control over the wallet, the attacker drained $100 million worth of various tokens.

Impact: This hack highlighted the dangers of centralization within cross-chain bridges, as the exploit was directly tied to the management of private keys, which were insufficiently secured.

Conclusion

DON’T BRIDGE, GOVERN.

Learn more — www.gvnr.xyz

Tim Jones https://gvnr.xyz
Previous

Exploring the Future: Blockchain, Tokenization, and the Next Billion Users
Next

GVNR Tokenomics. The TLDR