According to a new report by crypto data aggregator Token Terminal, approximately 50% of exploits in decentralized finance, or DeFi, occur on cross-chain bridges. Over two years, hackers have stolen more than $2.5 billion by exploiting vulnerabilities in cross-chain bridges. The amount is enormous in comparison to other security breaches, such as DeFi lending hacks ($718 million) and decentralized exchange exploits ($362 million) in that period.
Bridge exploits account for ~50% of all DeFi exploits, totaling ~$2.5B in lost assets. These hacks can typically be attributed to smart contract loopholes (e.g. Wormhole & Nomad) or compromised private keys (e.g. Ronin & Harmony). What will it take to create secure bridges?
Cross-chain bridges, which allow users to port digital assets from one chain to another, are known for their ability to solve multi-chain scaling issues. However, they are complex to build and subsequently audit, and that complexity, combined with the massive amounts of funds locked in their smart contracts, has attracted much attention from hackers.
Security experts, such as Immunefi's CEO Michael Amador, explain that some developers in the DeFi space are simply lacking the necessary knowledge to build such complex mechanisms:
It also appears that the vast majority of the cross-chain exploits thus far took place on Ethereum Virtual Machine (EVM) blockchains. This includes this year's most serious incidents, such as the Axie Infinity Ronin bridge hack, the Wormhole token bridge hack, and the Nomad bridge hack.
Meanwhile, cross-chain bridges based on the Cosmos Inter-Blockchain Communication protocol (IBC), which has surpassed $1 billion in total value locked, have largely avoided the spearhead
Read more on cointelegraph.com