Recently published figures from Chainalysis reveal that crypto-hacking activity reached an all time high of $3.8 bn (USD) in 2022. This is up from $3.3bn in 2021, which itself represented a record breaking year, with 2020 hacking levels being a comparative lowly $0.5bn, which the Financial Times coined as 'crypto's January market recovery'.
This significant upwards trend is, in part, a result of the increasing ubiquity of cryptocurrencies. However, on a more granular level, the rise in hacking activity is a direct result of the increased popularity of cross-chain bridge protocols. Cross-chain bridges are, in very broad terms, software applications that allow for communications between different blockchains. In a crypto-setting, these allow crypto-owners to port their cryptocurrency from one blockchain to another i.e. to easily ‘convert’ one cryptocurrency into another. The bridges therefore significantly increase liquidity between cryptocurrencies.
The majority of bridges utilise a lock-and-mint model i.e. they will lock a cryptocurrency into a smart contract on the original blockchain and then mint equivalent assets on the second chain. These bridges have become targets for hackers with Chainalysis noting that the smart contracts can become “huge, centralized repositories of funds backing the assets that have been bridged to the new chain — a more desirable honeypot could scarcely be imagined”. Accordingly, if there are any vulnerabilities in underlying smart contract, these can become exploited by bad actors, as was the case in the $570m Binance hack in October of last year.
As matters stand, it is not expected that the vulnerabilities that arise from the use of these bridges will be resolved in the near future. With English law quickly adapting to assist in crypto-recoveries (noting there were a number of key judgments in 2022), and insurers slowly beginning to provide cover to crypto-businesses, it is expected that 2023 will be another busy, and seminal year, for ‘crypto-litigation'.
If a bridge gets big enough, any error in its underlying smart contract code or other potential weak spot is almost sure to eventually be found and exploited by bad actors.
https://blog.chainalysis.com/reports/2022-biggest-year-ever-for-crypto-hacking/