- Hackers stole over three million dollars from Nervos Network’s Force Bridge using an access control flaw.
- Stolen crypto assets were converted to ETH and moved to Tornado Cash and FixedFloat for laundering.
- Nervos Network halted bridge operations and launched an investigation with help from law enforcement.
Nervos Network’s Force Bridge, a cross-chain platform, was recently targeted in a major crypto security breach. Blockchain investigators confirmed that millions in digital assets were stolen during the attack.
The breach was reported on June 2 and has raised new concerns across the crypto community about the safety of cross-chain protocols.
Details of the Breach
Cyvers Alerts was the first to detect suspicious activity on Force Bridge. The firm reported that the attackers stole about $3 million in various crypto tokens. These included 257,800 USDT, 893,300 USDC, 60,400 DAI, 539.09 ETH, and 0.79 WBTC.
After stealing the assets, the hackers quickly converted them to ETH and moved the funds to Tornado Cash, a crypto mixing protocol often used to obscure transactions.
Shortly after, another blockchain security firm, Extractor, published its analysis of the breach. According to Extractor, the attackers exploited an Access Control vulnerability and stole approximately $3.9 million in total.
It reported $3.1 million in losses from Ethereum and $800,000 from the Binance Smart Chain. The report also indicated that the attackers had attempted to access the system earlier but failed before eventually succeeding.
Hacker Movement and Techniques
The funds stolen in the breach were then deposited into Tornado Cash and FixedFloat. These platforms help cybercriminals mask the origin and destination of digital assets. This method complicates tracking and reduces the chances of fund recovery. The movement of funds to multiple mixers suggests an organized and well-planned attack.
The attackers used advanced methods to exploit known weaknesses in bridge architecture. Such exploits often allow hackers to bypass restrictions and access wallet functions without proper authorization. In this case, the attackers took advantage of a flaw in the Force Bridge’s access controls. This allowed them to withdraw large sums without detection until it was too late.
Nervos Network’s Immediate Response
In reaction to the attack, Nervos Network immediately halted all operations on Force Bridge. The platform confirmed the breach and estimated losses at approximately $3.7 million. It launched a full investigation and is now collaborating with law enforcement and crypto exchanges to trace the attackers. Nervos has also committed to strengthening its internal security protocols.
The platform assured users it would provide regular updates through official channels. It is also working to recover the stolen funds while reviewing network-wide security. User accounts on the platform remain under observation for any further suspicious activity.
Ongoing Crypto Security Threats
This incident is one of several recent hacks in the blockchain space. PeckShieldAlert reported 20 major crypto breaches in May, totaling $244.1 million in losses. April saw even higher losses, reaching $402.11 million, while March recorded $33.46 million. The upward trend in attacks highlights ongoing vulnerabilities.
Among the hardest-hit platforms was Cetus Protocol, which lost $220 million but later recovered $157 million. Cork Protocol lost $12 million in staked Ethereum, while Mobius and MapleStory Universe lost $2.16 million and $1.2 million respectively. A separate case saw North Korean hackers stealing $5.2 million from an individual user’s wallet.
