Vitalik sounded the alarm on cross chain bridges in January, here is the compiled list of bridge hacks since then…pure decimation

Seems cross chain bridges have serious problems with security.

Back in January 7th 2022 Vitalik posted this warning:

*My argument for why the future will be multi-chain, but it will not be cross-chain: there are fundamental limits to the security of bridges*

###The Hacks So Far This Year
Only May didn’t register a hack. I’ve used the term hack but this is a generalisation of whatever attack vector was used to drain funds.

**January 20th 2022 – Multichain bridge hacked for ~3 million**

**January 28th 2022 – Qubit Finance bridge hacked for ~80 Million**

**February 2nd 2022 – Wormhole bridge hacked for ~323 Million**

**February 8th 2022 – MeterIO bridge hacked for ~4.4 Million**

**March 30th 2022 – Ronin bridge hacked for ~650 Million**

**April 7th 2022 – Wonderhero bridge hacked for ~300 Thousand**

**June 24th 2022 – Harmony One bridge hacked for ~100 Million**

**July 11th 2022 – ChainSwap bridge hacked for ~4.4 Million**

**August 2nd 2022 – Nomad bridge hacked for ~200 Million**

Be extremely cautious when using crypto bridges, as these losses are just terrible.

View Source

49 thoughts on “Vitalik sounded the alarm on cross chain bridges in January, here is the compiled list of bridge hacks since then…pure decimation”

  1. As far as i know none of the attacks were a 51% attack that he describes(not that they cant happen). The exploits were due to bad code or bad operational security which arent unique to bridges.

    Reply
  2. Algorand is launching State Proofs soon. You will no longer need to trust a third party but only the two chains you are interacting with. All POS blockchains have the capacity to launch this functionality and it can set a universal standard for trustless “bridges” that eliminates all these needless hacks. John Woods, Algorand’s new CTO who came from Cardano, has mentioned he is working with the Cardano team to implement them.

    [Algorand State Proofs](https://medium.com/algorand/algorand-state-proofs-707d64038e35#:~:text=tl%3Bdr%3A%20Algorand%20State%20Proofs,from%20the%20cross%2Dchain%20equation.)

    Reply
  3. Silly question: how do side chains like MATIC interact with main chain (ETH)?

    Its not a bridge is it? Like a juicy wallet with all the cross chain funds sitting in it? Right?

    Asking for a friend.

    Reply
  4. The shit that’s happened this year make the Bitconnect incident look like a child stealing an apple from a neighbour’s tree in comparison. What a year, what a mess

    Reply
  5. I recall a list for top 10 big things in crypto this year, one of which was Bridges, i guess the list was not wrong only didn’t think it was for hacks. F*ck

    Reply
  6. *Note that cross-rollup apps within one zone of sovereignty are still fine. Not also that this also is a limit to the “modular blockchains” vision: you can’t just pick and choose a separate data layer and security layer. Your data layer must be your security layer.*

    I’m not across the intricacies of the tech but I get the general concept, cross chain bridges are inherently flawed

    Reply
  7. Did you read the Vitalik comment? He’s talking about risks on one chain affecting the bridge. ex 51% attack on Ethereum reversing a transaction to the bridge means on the other side of the bridge, the WETH isn’t fully backed.

    In other words, a security compromise in one chain affecting the bridge.

    Most (all?) the bridge hacks are hacks on the bridge.

    Reply
  8. Tezos founder sounded the alarm way before all this & LUNA shite, but nobody seems to care unless it comes from Vitalik

    Reply
  9. People always reference Vitalik’s warning without even reading the post.

    He was saying they are less secure because their consensus mechanisms are more exploitable than a meaningfully decentralized layer 1, while the payout is often just as lucrative because of all the funds the bridges control. Easier to attack the Brinks truck than the bank itself. But all these hacks are exploits enabled by bad code, not consensus attacks.

    It’s like if Vitalik said it’s dangerous to go outside because you could get hit by a car. Then, people go outside and get stabbed, and everyone is like “See, Vitalik warned you about going outside!”

    Reply
  10. What happens to the funds on the other side of the bridge? Are they still being treated as though they are redeemable? Do they trade just below the one to one peg?

    Reply
  11. Why are they are using bridges rather than just using a secure atomic swap like DCRDex?

    An atomic swap is very secure, you don’t need some intermediate token, just do atomic swaps between the different currencies with real on chain transactions.

    Reply
  12. Code is law, but why it should be made publicly available has always been a big questionmark for me, why not certify a select group of developers for the usage of the code. I don’t see bank software developers sharing their code publicly.

    Reply
  13. Damn. I wonder why do many exploits… Are they planned? Insider? Are devs getting sloppy or maybe just under qualified…

    The only bridge I use is Elk finance…. So far so good.

    Reply
  14. Each wave of crypto bubble cycle the new wave of people get dumber and if there is another cycle we will be dealing with the type of people who are accidentally posting sext messages on their public Facebook and getting their 5 year olds to help them open pdf files

    Reply
  15. Any time you add a new attack surface or vector, you are inviting trouble and danger. Vitalik was right and we should have listened more carefully

    Reply
  16. Chains need to wake up and actually start taking what they do seriously. Nomad exploit was posted all over Twitter hours before it was even addressed to the point white hackers safeguarded funds. Harmony had months of warning.

    Reply
  17. I’ve always felt weird about bridges which is why I enjoy the cosmos ecosystem so much. IBC is such a great feature

    Reply
  18. He was talking specifically about the 51% attack. None of those hacks had been performed using a 51% attack.

    But yeah, the GOD has foretold everything, we just have to listen better.

    Reply
  19. I think we really should pay attention to what Vitalik says from now on. He is a genius. What coins are he bullish on right now? SHIB, MATIC, LRC?
    Wormhole was back in February 2???? It feels so recent. Time just flies these days.

    Reply
  20. If you made your DYOR in crypto you would know that bridges are the less secure place of all the crypto env. This is why hackers use to attack them.

    Example: If your blockchain is so secure but you connect to another blockchain with a less secure one then there is the exploit place.

    Reply
  21. 2022 could be the year that breaks crypto as we know it.

    Crypto as a concept relies on the confidence of its users. If nobody has any confidence in the system, it collapses.

    Reply
  22. Wanchain (WAN) has cross chain up and running for years now and is arguably the best crosschain in the industry. They focused on the security first. Just not enough people use it yet.

    Reply

Leave a Comment