Cross-chain bridge transactions are considered to be the weakest point of blockchain. This flow cost users about $2 billion in the first half of 2022.
According to a report by the Chainalysis intelligence agency, 69% of attacks carried out this year were cross-chain bridge hacks. It's curious that cross-chain bridges were once seen as a solution to interoperability issues among different blockchains. As it turned out, the solution proved to be the network's biggest vulnerability.
The thing is that bridges are the only point at which assets are merged, making them attractive to cybercriminals. In addition, much of the code for these protocols is open source, which should increase trust in the community. However, it also makes it easier for hackers to access and rewrite them to get their hands on users' funds.
Erin Plante, senior director of investigations at Chainalysis, believes that close international cooperation and proper regulations are needed to protect users and investors. Nevertheless, the number of attacks has already brought the issue to the attention of international regulators. However, it will likely take some time for adequate protection to be developed and applied, so the number of attacks could increase in the short term.
Chainalysis also found that at least two of the largest cross-bridge hacks (that of the Ethereum sidechain Ronin and that of the Harmony Protocol's Horizon) were conducted by the North Korean Lazarus Group. In total, they stole around $1 billion in their hacks in 2022, accounting for half of the total losses.
In addition to the cross-chain bridge's vulnerability, the North Koreans also use other means to access their victims. According to the report by CoinIdol, a world blockchain news outlet, members of Lazarus Group are said to be involved in the theft of LinkedIn resumes. The hackers use this data to trick employers into giving them jobs in US and European countries and make money for the regime.
In general, it seems that the cryptocurrency industry has attracted the attention of hackers. In the second quarter of 2022 alone, the number of black-hat attacks increased by 1.5 times. So, the overall trend seems to be quite alarming.
Perhaps regulators and law enforcement agencies will eventually figure out how to protect users and investors, but until then, people in the crypto industry should remain extremely cautious and prudent.