$2 billion in crypto stolen from cross-chain bridges this year: Chainalysis

Cross-chain bridge breaches accounted for 69% of all cryptocurrencies stolen in 2022, amounting to $2 billion in losses, according to a new report.

The report comes from blockchain analytics firm Chainalysis on August 2, noting that there have been 13 separate token bridges hacks this year — the most recent being the $190 million Nomad Bridge operation.

Q1 2022 was by far the quarter with the most cryptocurrency thefts since 2021, mainly due to the Ronin Bridge attack in late March where $624 million in Ether (ETH) and Circle USD (USDC) was stolen.

After last night’s Nomad bridge exploit, an estimated $2 billion has been stolen from multi-chain bridges so far in 2022. Read our blog to learn what makes these protocols vulnerable and what the industry can do about it. https://t.co/WLo62H6NFe pic.twitter.com/CZRnqrPikh

— Chainalysis (@chainalysis) August 2, 2022

Cross-chain bridges, also known as blockchain bridges, are designed to transfer cryptocurrencies from one blockchain network to another.

Chainalysis explains that while bridge designs vary, users typically deposit their tokens from a chain into the bridge protocol, which are then locked into a contract. The user is then issued the equivalent of a parallel token on another chain.

Bridge the vulnerabilities

According to the Chainalysis report, bridges are often targeted because they “have a central point of capital storage that backs up the ‘bridged’ assets on the receiving blockchain.”

“Regardless of how these funds are stored — locked in a smart contract or with a central custodian — that storage point becomes a target.”

According to some experts, effective bridge design is still in its nascent stages of development, and some developers still have relatively little understanding of security protocols, making their protocols vulnerable to exploitation by hackers.

In a July 22 clip posted on Twitteralmost two weeks before the recent attack, Nomad founder James Prestwich says it will be “at least another two years before there is enough familiarity between the chain’s security models to create defenses as a standard.”

“In cross-chain systems, we haven’t built that kind of attack expertise yet, people don’t know what the common attacks are and therefore don’t defend against them.”

Centralized exchanges were once a favorite target for hackers, but advances in security protocols have seen a drop in successful cyber attacks, according to Chainalysis.

The blockchain analytics firm emphasized that cryptocurrency services, including bridges, should start investing in security upgrades and training sooner rather than later.

“A valuable first step in addressing problems like this could be for extremely strict code reviews to become the gold standard of DeFi, both for building protocols and for the investors who evaluate them. Over time, stronger, more secure smart contracts can serve as templates for developers to build upon.”