Bridge

Orbit Bridge Suffers $81.54 Million Security Breach

Summary # On December 31, 2023, Orbit Chain, a South Korean cross-chain project, experienced a significant security breach involving their Orbit Bridge. The attacker exploited the Orbit Bridge through a private key compromise and drained approximately $81.54 million worth of assets from the Orbit Bridge’s ETH Vault. The stolen funds were converted into ETH and DAI and then distributed across several addresses. Attackers # The identity of the attacker remains unknown. ...

Coordinated Attacks Result in $113.3 Million in Losses for Heco Bridge and HTX Exchange

Summary # On November 22, 2023, Heco Bridge and HTX Exchange were victims of cyberattacks, resulting in over $113.3 million in losses. The attacks appear coordinated and carried out by the same attacker based on similar exploitative techniques and the connection between the two targets. Blockchain security firms CertiK, Peckshield, and Cyvers have reported over $86.6 million in digital assets losses for Heco Bridge and $13.6 million in losses for HTX. ...

Multichain Bridge Suffers $126 Million Security Breach

Summary # On July 6, 2023, Multichain Bridge experienced a security breach due to a private key compromise. The total losses amounted to approximately $126 million, including wBTC, wETH, USDT, USDC, and other assets. The stolen assets were transferred to several addresses. Attackers # The identity of the hackers who attacked Multichain is unknown. Hacker ETH Wallets: 0x9d5765ae1c95c21d4cc3b1d5bba71bad3b012b68 0xefeef8e968a0db92781ac7b3b7c821909ef10c88 0x418ed2554c010a0c63024d1da3a93b4dc26e5bb7 0x622e5f32e9ed5318d3a05ee2932fd3e118347ba0 0x48bead89e696ee93b04913cb0006f35adb844537 0x027f1571aca57354223276722dc7b572a5b05cd8 Losses # Multichain estimated the losses from the hack to be $126 million. ...

Allbridge suffered a flash loan attack for $573k

Summary # On April 2, 2023, AllBridge, a multichain token bridge, fell victim to an exploit that resulted in approximately $573,000 worth of assets being drained from its BNB Chain pools. The attacker, acting as both a liquidity provider and a swapper, exploited a flaw in a smart contract that enabled them to manipulate swap prices. This led to the theft of $282,889 in Binance USD (BUSD) and $290,868 in Tether (USDT). ...

BSC Token Hub Hit By $586 Million Bridge Hack

Summary # On October 6, 2022, BSC Token Hub, a bridge between BNB Beacon Chain (BEP2) and Binance Smart Chain (BEP20) was exploited. The native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20), also known as BNB Token Hub was exploited. The hacker used a low-level proof vulnerability and 2,000,000 $BNB were drained out of thin air. Consequently, the hacker began bridging the funds to Fantom and Ethereum chains. ...

Nomad Cryptocurrency Platform Hacked: $190 Million Lost

Summary # On August 1, 2022, Nomad, a cryptocurrency platform, experienced a chaotic hacking incident resulting in a loss of more than $190 million. The hack occurred when multiple users took advantage of an accidental error in a recent update, allowing them to drain funds from the blockchain protocol. An investigation conducted by samczsun, the head of security at Paradigm, a web3 investment firm, revealed that one of Nomad’s smart contracts had been modified in a way that made it vulnerable to transaction spoofing. ...

Harmony's Horizon Bridge was the victim of a massive cyberattack from North Korea

Summary # On June 23, 2022, the Harmony Protocol team discovered a malicious attack on their Horizon Bridge, a blockchain bridge enabling asset transfers between Ethereum, Binance Smart Chain, and Harmony blockchains. In the morning, several transactions compromised the bridge. The hackers were able to steal the following assets: Frax (FRAX), Wrapped Ether (WETH), Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC). ...

Ronin Network suffers 51% attack, $625 million stolen

Summary # On March 23, 2022, Ronin Network, a blockchain that powers the popular game Axie Infinity, suffered a 51% attack. This allows the attacker to control the network via compromising validators private keys and perform malicious actions, such as double-spending transactions or preventing new blocks from being mined. The attack resulted in the theft of $625 million worth of Ethereum and USDC. The hackers were able to reorganize over 100 blocks, which allowed them to double-spend large amount of assets. ...

Wormhole Hack: Code Vulnerability Has Led to $325 Million Stolen

Summary # On February 3, 2022, a security breach occurred on Wormhole, a DeFi platform designed to facilitate the transfer of tokens and NFTs across various blockchains such as Ethereum, Solana, and Binance Smart Chain. The attacker successfully exploited a vulnerability by utilizing a spoofed sysvar account, enabling them to mint 120,000 wrapped ETH (wETH) tokens on the Solana network. These tokens were later deemed invalid. Subsequently, the attacker redeemed 93,750 wETH tokens for an equivalent value of ETH tokens on the Ethereum network. ...

Polygon hacked for over 800,000 MATIC

Summary # In early December 2021, Polygon, an Ethereum-based network has “silently fixed” a vulnerability that had put its native MATIC tokens worth $24 billion at risk. The issue came to light after a group of ethical hackers informed Immunefi, a bug bounty platform associated with decentralised finance (DeFi). Immunefi hosts the bug bounty for the Polygon network. Both white hat hackers who helped discover the bug were compensated a combined total of $3. ...