The Nervos Network’s Force Bridge was recently hacked, resulting in a significant $3.9 million loss in various crypto assets. Blockchain security firm Cyvers Alerts first reported this major incident in a June 2nd post on the X platform. They noted that a suspicious address appeared to have gained unauthorized control of the critical cross-chain bridge. Several different types of tokens were drained by the attacker, including substantial amounts of Dai, Ethereum, USD Coin, and Tether. Approximately $3 million was siphoned from the Ethereum side of the bridge, with an additional $800,000 stolen from BNB Chain.
In another update regarding this exploit, the blockchain security firm Hacken revealed more details about the attacker’s methods.
Their investigation showed the exploit occurred only after the attacker had made multiple failed attempts over a six-hour period. After these repeated failures, they finally breached the system, highlighting a potential window for earlier detection by security systems. Hacken emphasized that this particular exploit reinforces warnings about access control failures, which are now critical threats in Web3.
The fact that multiple failed attempts occurred over a long window before success should have raised immediate security alarms for the bridge operators.
According to Hacken’s detailed analysis, the attacker initially targeted the Force Bridge on the BNB Chain shortly after 01:30 UTC. They made repeated, unsuccessful attempts to breach the system before a small test breach occurred around 02:23 UTC, netting just $25. The full-scale exploit on BNB Chain happened much later at 07:36 UTC, when 874 BNB was successfully drained. Additional funds were subsequently stolen by the attacker from both the BNB Chain and also the Ethereum network, bringing the total. The stolen assets were then quickly funneled through various crypto mixers and anonymous platforms, including Tornado Cash and FixedFloat.
In response to this damaging hack, Magickbase, a Nervos Network community developer, immediately halted all Force Bridge activity as a precaution. They publicly stated, “We’ve detected abnormal activity on #ForceBridge and have paused the service as a precaution. Our team is investigating.” Force Bridge plays a key role in Nervos Network’s multi-chain vision, enabling asset transfers between Nervos and other networks. This recent exploit adds to a growing list of cryptocurrency hacks that continue to trouble the entire digital asset industry. According to PeckShield, the crypto industry lost $244.1 million in May alone as a direct result of various hacking incidents.
Reference:
