Nervos Network’s Force Bridge, a vital link for transferring assets between blockchains, was hit by a devastating hack earlier today. Cybercriminals siphoned off roughly $3 million in digital assets in mere seconds, exposing yet another vulnerability in the world of decentralized finance (DeFi). The attack has raised urgent questions about the security of cross-chain bridges.
The Genesis of the Hack
The Nervos Force Bridge hack was a calculated strike exploiting a flaw in the bridge’s access control system. Hackers gained unauthorized control over the smart contract, allowing them to drain funds at lightning speed. According to security analysts, the attacker manipulated the contract’s permissions, bypassing safeguards to transfer assets directly to their wallets.
The stolen haul included 257,800 USDT, 53.9 ETH, 898,300 USDC, 60,400 DAI, and 0.79 WBTC, totaling around $3.9 million, with $3.1 million on Ethereum and $800,000 on Binance Smart Chain. The funds were quickly converted to ETH and funneled through Tornado Cash, a crypto mixer, to obscure their trail.
A failed attempt at the exploit six hours earlier hinted at the attacker’s persistence, but the successful breach caught the Nervos team off guard. The bridge was immediately suspended to prevent further losses, leaving users frustrated and the DeFi community on edge.
A Chain of Hacks
Nervos Network has suspended all bridge operations and is working with law enforcement and exchanges to track the stolen funds. The team has promised a thorough audit and plans to overhaul security protocols, including stricter access controls and enhanced contract audits.
However, the Force Bridge attack is not an isolated incident but part of a troubling trend targeting cross-chain bridges, which crashes the platforms in some cases. For example, just a week ago, Cork Protocol, a decentralized crypto platform, was hit with a massive exploit, resulting in the loss of approximately $12 million. Following the incident, the Cork team notified the media via an X post, alerting users to the exploit for security reasons.
Additionally, Four.Meme, a meme token generator operating on the Binance Smart Chain (BSC), raised the alarm of a cyberattack 3 months ago, resulting in the loss of liquidity on its PancakeSwap v3 pools. The platform lost around 200 BNB (worth $130,000) in the exploit. The hack has raised concerns about the security of decentralized finance (DeFi) platforms.
