Chainalysis: Interoperability protocol vulnerabilities become the biggest security risk, accounting for 69% of hacked funds this year
The blockchain analysis company Chainalysis reported that a total of $2 billion has been stolen from cross-chain bridges so far this year, with a total of 13 incidents. Hacks on cross-chain bridges accounted for 69% of the total hacker funds this year after the incident with the Nomad cross-chain bridge.
Table of Contents
Understanding Cross-chain Bridges
A cross-chain bridge is designed to address the interoperability between different blockchains.
It allows users to transfer assets from one chain to another. For example, Wormhole has experienced significant hacking incidents that allow users to transfer cryptocurrencies and NFTs between smart contract blockchains like Solana and Ethereum. Different cross-chain bridges have different designs, but generally, they enable users to send assets to a cross-chain protocol, lock assets on one chain, and issue corresponding assets on another chain.
Major Losses This Year Due to Cross-chain Bridges
Chainalysis believes that cross-chain bridges are more attractive to hackers due to the movement of valuable assets, making them a primary target for North Korean hackers. Related reading: North Korea Emerges as a Major Cryptocurrency Hacking Nation, U.S. Treasury Department Attributes Ronin Chain Incident to North Korea. Chainalysis estimates that North Korean hackers have stolen nearly $1 billion in cryptocurrency this year through cross-chain bridges and DeFi protocols, while South Korea's government statistics show North Korea's official export revenue is only $89 million.
Why Are Cross-chain Bridges Vulnerable?
Because cross-chain protocols are responsible for locking assets to support parallel assets on another chain, the storage point is easily targeted. Chainalysis states that the design of cross-chain bridges is not yet very efficient, as it is still an evolving technology. Therefore, different new technologies may have vulnerabilities that malicious actors can exploit.
What Can We Do?
Chainalysis notes that hackers used to target centralized exchanges in the past, but successful attacks on them have become less common. This is because these companies prioritize security, and hackers target the latest and easiest vulnerabilities. Chainalysis suggests that while code audits are not foolproof, the first step in addressing such issues should be to design extremely rigorous DeFi audit standards and gradually establish the strongest and most secure smart contract examples.