Nervos Network’s Force Bridge was hacked for $3.9 million in crypto, prompting an immediate shutdown as the team investigates the exploit.
Blockchain security firm Cyvers Alerts first reported the incident in a June 2 post on X, noting that a suspicious address appeared to have taken control of the bridge. Several tokens were drained by the attacker, including 60,400 Dai (DAI), 539 Ethereum (ETH), 898,300 USD Coin (USDC), 257,800 Tether (USDT), and 0.79 Wrapped Bitcoin (WBTC).
The attack siphoned off approximately $3 million from the Ethereum side and an additional $800,000 from BNB Chain. In another update, blockchain security firm Hacken revealed that the exploit occurred after the attacker made multiple failed attempts over a six-hour period before finally breaching the system.
“This exploit reinforces what we’ve been warning about for months: access control failures are now one of the most critical threats in Web3,” Hacken said in a statement shared with Crypto.news. “The attacker made multiple failed attempts over a 6-hour window before successfully draining 874 BNB. That kind of activity should have raised immediate alarms.”
According to Hacken, the attacker initially targeted Force Bridge on BNB Chain shortly after 01:30 UTC on June 2, making repeated failed attempts. A small test breach occurred around 02:23 UTC, netting just $25. The full-scale exploit happened at 07:36 UTC, when 874 BNB, worth roughly $572,000 at the time, was successfully drained. Additional funds were later stolen on both BNB Chain and Ethereum, bringing the total to $3.9 million.
The stolen assets were quickly funneled through crypto mixers and anonymous platforms, including Tornado Cash and FixedFloat, in an attempt to obscure the trail. Hacken noted that funds were split among newly created wallets and routed through multiple hops before being deposited to these services.
Hacken stressed that the attack could have been mitigated with real-time monitoring tools like its Extractor platform, which is designed to detect abnormal activity across chains and stop exploits before they escalate.
In response to the hack, Magickbase, a Nervos Network (CKB) community developer, halted all Force Bridge activity, stating, “We’ve detected abnormal activity on #ForceBridge and have paused the service as a precaution. Our team is investigating.”
Force Bridge plays a key role in Nervos Network’s multi-chain vision, enabling transfers of assets like ETH, ERC-20 tokens, and potentially non-fungible tokens between Nervos and networks such as Ethereum and Binance Smart Chain.
The bridge functions by locking assets on the source chain and issuing matching tokens on Nervos, under the protection of a multi-signature wallet operated by Nervos and its partners.
This exploit adds to a growing list of cryptocurrency hacks that continue to trouble the industry. According to blockchain security firm PeckShield, the cryptocurrency industry lost $244.1 million in May as a result of hacks. Although that number is still high, it represents a 39% decrease from the total losses in April, indicating a slight improvement in response or defense capabilities.
