Cross-chain bridge hacks have accounted for 69% of the total crypto stolen in 2022, amounting to $2 billion in losses, according to a new report.
The report comes from blockchain analytics firm Chainalysis on Tuesday, noting there have been 13 separate token bridge hacks this year — the most recent being the $190 million Nomad Bridge exploit.
Q1 2022 was by far the quarter that saw the most amount of crypto stolen since 2021, due mainly to the Ronin Bridge Attack in late March, which saw $624 million in Ether (ETH) and USD Coin (USDC) stolen.
Cross-chain bridges, also known as blockchain bridges, are designed to transfer cryptocurrencies from one blockchain network to another.
Chainalysis explains that while bridge designs vary, users typically deposit their tokens from one chain to the bridge protocol, which are then locked into a contract. The user is then issued the equivalent of a parallel token in another chain.
According to the Chainalysis report, bridges are often targets because they “feature a central storage point of funds that back the ‘bridged’ assets on the receiving blockchain:”
“Regardless of how those funds are stored — locked up in a smart contract or with a centralized custodian — that storage point becomes a target.”
According to some experts, effective bridge design is still in its nascent stages of development, and some developers still have relatively little understanding of security protocols, making their protocols vulnerable to exploitation by hackers.
In a July 22 clip posted on Twitter, almost two weeks before the recent attack, Nomad founder James Prestwich says it will be “at least another year or two before there is enough familiarity across chain security models to build defenses as a standard:”
“In cross-chain systems, we haven’t built up that kind of expertise about attacks yet, people don’t know what the common attacks are, and so they don’t defend against them.”
Centralized exchanges were once the favorite target of hackers, but advances in security protocols have seen a drop in successful cyber attacks, according to Chainalysis.
The blockchain analytics firm has stressed that cryptocurrency services, including bridges, should start investing in security upgrades and training sooner rather than later:
“A valuable first step towards addressing issues like this could be for extremely rigorous code audits to become the gold standard of DeFi, both for those building protocols and for the investors evaluating them. Over time, the strongest, safest smart contracts can serve as templates for developers to build from.”