More than $400 million drained from hacked blockchain bridges in little more than a week

Graham Cluley
Graham Cluley
@[email protected]

More than $400 million drained from hacked blockchain bridges in little more than a week

What’s happened?

Meter Passport, a blockchain bridge, has been hacked – and it is estimated that some US $4.4 million worth of cryptocurrency has been stolen.

What’s a blockchain bridge?

Imagine you have some Bitcoins, and you want to transfer some of them into another cryptocurrency such as, for instance, Ethereum.

The Bitcoin is held on one blockchain, and the Ethereum is held on another. Blockchains aren’t connected in anyway, but a blockchain bridge (sometimes called a crypto bridge) enables cross-chain communication allowing tokens to be transferred.

Couldn’t I just withdraw my funds in one cryptocurrency as cash and then buy the other cryptocurrency?

Sure. But if you’re planning to do this kind of transfer regularly you’re likely to find it a lot more convenient to use a blockchain bridge than withdraw your Bitcoins into a wallet as cash and then use the cash to buy Ethereum.

Ok. I get it. When did the hack happen?

A total of 1,391 ETH and 2.74 BTC was drained from the Meter Passport bridge on Saturday 5 February at 6am PST through the exploitation of a vulnerability in Meter Passport’s code.

I guess people will think twice about trusting Meter Passport with their cryptocurrency now.

Of course. But Meter Passport is just the tip of the iceberg.

Sign up to our free newsletter.
Security news, advice, and tips.

In the week before the Meter Passport hack, which netted criminals US $4.4 million worth of cryptocurrency, two other blockchain bridges were hacked.

On 3 February, an attack on the Wormhole network was described as the “fourth biggest crypto hack of all time” after more than US $320 million was stolen.

And on 27 January, Qubit’s blockchain bridge had more than US $80 million stolen by hackers.

It’s almost like you would be mad to trust all these cryptocurrency services and firms that have sprung up in recent years…

Do you think?

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.