Bridge Hacks Result in $328.6 Million Losses in 2025
Severity: High (Score: 67.2)
Sources: Tokenpost, Mexc
Published: · Updated:
Keywords: defi, hacks, security, bridge, drain, million, growing
Summary
In 2025, the cryptocurrency sector experienced a surge in bridge-related hacks, totaling $328.6 million in losses as of May 18. Eight incidents have been reported, primarily targeting cross-chain bridges that facilitate asset transfers between blockchains. The attacks exploit vulnerabilities in the complex infrastructure of decentralized finance (DeFi) platforms, including smart contract flaws and operational security failures. The KelpDAO exploit, which accounted for $293 million, highlighted weaknesses in LayerZero's bridge infrastructure. These incidents have raised concerns about user trust in DeFi protocols and the need for enhanced security measures. As the year progresses, the industry faces pressure to implement robust security practices and may attract increased regulatory scrutiny. The ongoing situation emphasizes the importance of due diligence for investors in the crypto space. Key Points: • Bridge hacks in 2025 resulted in $328.6 million in losses across eight incidents. • The KelpDAO exploit revealed vulnerabilities in LayerZero's bridge infrastructure. • DeFi protocols are under pressure to enhance security measures to restore user trust.
Detailed Analysis
**Impact** Eight bridge-related hacks in 2025 resulted in total losses of $328.6 million, affecting users of cross-chain DeFi protocols globally. These incidents drained locked assets from critical infrastructure points, eroding user trust and potentially slowing DeFi adoption. The losses impact investors relying on cross-chain bridges and may increase regulatory scrutiny on decentralized finance platforms. The broader DeFi ecosystem faces systemic risk due to its reliance on shared infrastructure and interconnected protocols. **Technical Details** Attackers exploited vulnerabilities in cross-chain bridge protocols, including smart contract flaws, private key compromises, and social engineering tactics. The KelpDAO exploit involved weaknesses in LayerZero’s bridge infrastructure, demonstrating operational security failures beyond traditional smart contract bugs. The attacks targeted locked asset pools within complex, multi-blockchain codebases and exploited governance systems, validators, and third-party tools. No specific CVEs or IOCs were provided in the source material. **Recommended Response** Defenders should prioritize using well-audited, established bridge protocols and implement multi-signature wallets, time-locks, and bug bounty programs to enhance security. Monitoring for unusual bridge activity and operational security failures, including governance and validator anomalies, is critical. Users should diversify holdings across platforms and employ hardware wallets to reduce risk exposure. No specific patches or IOCs were detailed; ongoing vigilance on cross-chain infrastructure and third-party dependencies is advised.
Source articles (2)
- Bridge Hacks Drain $328.6 Million in 2025: A Growing DeFi Security Crisis — Mexc · 2026-05-18
BitcoinWorld Bridge Hacks Drain $328.6 Million in 2025: A Growing DeFi Security Crisis The cryptocurrency industry has faced a significant security challenge in 2025, with bridge-related hacks becomin… - DeFi's Hidden Risks Are No Longer in Smart Contracts — Tokenpost · 2026-05-16
DeFi’s Hidden Risks Are No Longer in Smart Contracts. Source: Photo by panumas nikhomkhai For years, decentralized finance (DeFi) the idea that “code is law,” promising a financial system powered by t…
Timeline
- 2025-01-01 — First bridge hack reported: The first of eight bridge hacks occurred in 2025, marking the beginning of a troubling trend in DeFi security.
- 2025-01-05 — KelpDAO exploit occurs: The KelpDAO exploit resulted in a loss of $293 million, linked to vulnerabilities in LayerZero's bridge.
- 2025-05-18 — Total losses reach $328.6 million: As of May 18, 2025, total losses from bridge hacks have reached $328.6 million, affecting user trust in DeFi.
Related entities
- Data Breach (Attack Type)
- KelpDAO (Company)
- Iran (Country)