More than $400 million drained from hacked blockchain bridges in little more than a week

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

More than $400 million drained from hacked blockchain bridges in little more than a week

What’s happened?

Meter Passport, a blockchain bridge, has been hacked – and it is estimated that some US $4.4 million worth of cryptocurrency has been stolen.

What’s a blockchain bridge?

Imagine you have some Bitcoins, and you want to transfer some of them into another cryptocurrency such as, for instance, Ethereum.

The Bitcoin is held on one blockchain, and the Ethereum is held on another. Blockchains aren’t connected in anyway, but a blockchain bridge (sometimes called a crypto bridge) enables cross-chain communication allowing tokens to be transferred.

Couldn’t I just withdraw my funds in one cryptocurrency as cash and then buy the other cryptocurrency?

Sure. But if you’re planning to do this kind of transfer regularly you’re likely to find it a lot more convenient to use a blockchain bridge than withdraw your Bitcoins into a wallet as cash and then use the cash to buy Ethereum.

Ok. I get it. When did the hack happen?

A total of 1,391 ETH and 2.74 BTC was drained from the Meter Passport bridge on Saturday 5 February at 6am PST through the exploitation of a vulnerability in Meter Passport’s code.

I guess people will think twice about trusting Meter Passport with their cryptocurrency now.

Of course. But Meter Passport is just the tip of the iceberg.

Sign up to our free newsletter.
Security news, advice, and tips.

In the week before the Meter Passport hack, which netted criminals US $4.4 million worth of cryptocurrency, two other blockchain bridges were hacked.

On 3 February, an attack on the Wormhole network was described as the “fourth biggest crypto hack of all time” after more than US $320 million was stolen.

And on 27 January, Qubit’s blockchain bridge had more than US $80 million stolen by hackers.

It’s almost like you would be mad to trust all these cryptocurrency services and firms that have sprung up in recent years…

Do you think?

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.