Coinbase reveals reasons behind recent bridge hacks in crypto

Coinbase’s Institutional research team notes many bridge hacks occurred due to the complexities around source chain commit and cross-chain relay.

Cyber incidents related to cross-chain bridges are likely to decrease in the foreseeable future as many protocols continue adopting rollup solutions alongside increased scrutiny on secure designs.

According to Coinbase Institutional’s recent research report, most of the largest bridge hacks over the past few years happened due to the complexities around the signing and validation of messages by the relayers. These third-party services facilitate the transaction of data between different blockchains.

David Han, Institutional Research analyst at Coinbase, referred to the notorious Ronin bridge hack when a hacker using a social phishing scheme got five out of nine private keys needed to forge data payloads to signify withdrawals.

“The Multichain hack (July 2023) also saw the private key of the relayers leaked, leading to valid signatures for fraudulent transactions.”

David Han, researcher at Coinbase

Although the crypto industry lost more than $2 billion worth of crypto across 13 separate cross-chain bridge hacks in the first half of 2022, Han noted that the frequency and size of bridge-related hacks have dropped since then.

According to Coinbase’s calculations, the value lost due to bridge-related hacks has declined 90% in 2023 to less than $140 million. The Coinbase analyst admitted there are still risks to exist. Still, bridge-related hacks “are likely to continue trending lower” as bridge designs “continue to leverage canonical rollup bridges for escrow.”

In August 2022, Ethereum co-founder Vitalik Buterin raised concerns about the safety of cross-chain bridges, saying that multi-chain solutions are more reliable as keeping possession of a native blockchain’s assets within the original network is safer than keeping tokenized versions of cryptocurrencies.