- Topic1/3
40k Popularity
28k Popularity
45k Popularity
8k Popularity
22k Popularity
- Pin
- 🎉 The #CandyDrop Futures Challenge is live — join now to share a 6 BTC prize pool!
📢 Post your futures trading experience on Gate Square with the event hashtag — $25 × 20 rewards are waiting!
🎁 $500 in futures trial vouchers up for grabs — 20 standout posts will win!
📅 Event Period: August 1, 2025, 15:00 – August 15, 2025, 19:00 (UTC+8)
👉 Event Link: https://www.gate.com/candy-drop/detail/BTC-98
Dare to trade. Dare to win.
- 🎉 Gate Square Growth Points Summer Lucky Draw Round 1️⃣ 2️⃣ Is Live!
🎁 Prize pool over $10,000! Win Huawei Mate Tri-fold Phone, F1 Red Bull Racing Car Model, exclusive Gate merch, popular tokens & more!
Try your luck now 👉 https://www.gate.com/activities/pointprize?now_period=12
How to earn Growth Points fast?
1️⃣ Go to [Square], tap the icon next to your avatar to enter [Community Center]
2️⃣ Complete daily tasks like posting, commenting, liking, and chatting to earn points
100% chance to win — prizes guaranteed! Come and draw now!
Event ends: August 9, 16:00 UTC
More details: https://www
Cross-chain bridge security risks are frequent: 10 major attack cases resulted in losses exceeding $1.9 billion.
Frequent Security Incidents of Cross-Chain Bridges: A Review of the Top 10 Attack Cases, Involving Over $1.9 Billion
In recent years, with the development of blockchain technology, cross-chain bridges have become an important infrastructure connecting different public chains, and their security has attracted significant attention. However, due to their management of large amounts of funds and frequent operations, cross-chain bridges have become popular targets for hacker attacks. This article will review 10 significant cross-chain bridge attack incidents that have occurred recently, summarize the lessons learned, and provide warnings for the industry.
1. ChainSwap: 8 million USD loss
In July 2021, ChainSwap suffered two attacks, resulting in a total loss of approximately $8 million. The second attack affected more than 20 projects using ChainSwap. The reason for the attack was that the protocol did not strictly verify the validity of signatures. In the aftermath, several projects compensated users for their losses through snapshots and reissuing tokens.
2. Poly Network: All $610 million stolen has been recovered.
In August 2021, Poly Network was attacked, resulting in a loss of approximately $610 million across multiple chains. The attacker exploited a vulnerability in the contract's permission management to modify the validator address on the target chain. Ultimately, all stolen funds were returned.
3. Multichain: $6 million loss has been compensated
In January 2022, Multichain discovered a significant vulnerability affecting multiple tokens. Approximately 7,962 user addresses were impacted, resulting in a loss of $6.04 million. The vulnerability stemmed from the contract not properly verifying the legitimacy of tokens. The team has recovered nearly 50% of the funds and has provided compensation.
4. QBridge: $80 million loss, only 2% compensation
In January 2022, the lending protocol Qubit’s QBridge was attacked, resulting in a loss of approximately $80 million. The attacker exploited a contract vulnerability to mint xETH tokens out of thin air on BSC. Currently, 98% of the stolen funds have not been reimbursed.
5. Meter.io: $4.4 million loss, promises future revenue compensation
In February 2022, the Meter Passport cross-chain bridges were attacked, resulting in a loss of 4.4 million dollars. The reason was an "incorrect trust assumption" in the contract. The project team promised to compensate users for their losses with future earnings.
6. Ronin: $620 million loss has been compensated
In March 2022, the Ronin chain behind Axie Infinity suffered a social engineering attack, resulting in a loss of 6.2 million USD. The attackers infiltrated the system through fake recruitment and took control of multiple validation nodes. The developer Sky Mavis raised 150 million USD to compensate users.
7. Wormhole: $326 million loss has been compensated
In February 2022, Wormhole was attacked, resulting in a loss of approximately $326 million. The attacker exploited a signature verification vulnerability on the Solana side to mint a large amount of whETH. Jump Crypto injected 120,000 ETH into Wormhole to cover the losses.
8. EvoDeFi: Estimated millions of dollars in losses unaddressed
In June 2022, USDT severely depegged on the Oasis ecosystem DEX ValleySwap due to insufficient liquidity on the source chain of the cross-chain bridge EVODeFi. The specific amount of loss is unknown, but it is expected to reach the tens of millions of dollars. User losses have yet to be resolved.
9. Horizon: Nearly $100 million in losses, compensation plan in progress
In June 2022, Harmony's Horizon cross-chain bridge was attacked, resulting in a loss of approximately $100 million. The cause may be a private key leak. The project team is discussing compensation plans with the community.
10. Nomad: $190 million loss, part of the funds are expected to be recovered
In August 2022, the Nomad cross-chain bridges were attacked, resulting in a loss of $190 million. The attack stemmed from a low-level error during a contract upgrade. Some white hat hackers have expressed their willingness to return the funds, but the specific compensation plan has not yet been determined.
Summary
Cross-chain bridges, as a high-risk area, are inevitably subject to attacks even from top projects. However, projects with strong financial backing and a robust team background tend to handle compensation issues better after security incidents. For users, choosing stronger cross-chain bridge projects may be more prudent. At the same time, project teams should strengthen real-time monitoring and rapid response mechanisms to minimize potential losses.