Amid growing security incidents on blockchain-based platforms, the total value locked on cross-chain bridges witnessed a significant blow after it dropped below $45 billion on June 27.
In May, the total value locked on bridges was around $50 billion, according to DeFiLlama. This is a drop of around 10% in more than a month.
(Source: liquidterminal.xyz)
Major bridges like LayerZero, Hyperliquid Bridge, Coinbase Bridge, and others have faced a major drop in TVL. For example, TVL on cross-chain bridges on Hyperliquid has dropped from $4 billion in May to $341 million in June.
Cross-Chain Bridges Become Soft Targets for Hackers
Cross-chain bridges are playing a major role in transacting digital assets between various blockchains. However, due to vulnerabilities and loopholes in these bridges, they have become a soft target for hackers.
According to the Chainlink report, the exploitation of cross-chain bridges is responsible for around 40% of all stolen funds in the Web sector. The cumulative amount of all stolen funds on bridges is now revolving around $2.8 billion.
The major reason behind the vulnerability in bridges is their complex design. These bridges are currently relying on validators, multi-signature wallets, oracles, or smart contracts to execute transactions. These vast digital infrastructures create various entry points for attackers. There are common patterns in these cyber attacks on bridges, including the compromise of private keys, loopholes in signature verification, unsafe external calls, and zero-value exploits.
These security loopholes have been repeatedly exploited by major hacking groups, such as North Korea’s Lazarus Group. The increasing frequency and scale of these cyber attacks on the blockchain-based sector have raised concerns in the blockchain industry.
Hacks Expose Vulnerabilities on Bridges
In the last few months, blockchain-based platforms have experienced major hacks, where users lost millions of dollars of funds from the DeFi protocols. A popular security firm, PeckShield, disclosed 8 major bridge exploits in May 2026, and users have lost around $328.6 million in total.
On April 18, hackers exploited Kelp DAO’s LayerZero-powered bridge, allowing them to steal more than $292 million. This was one of the biggest DeFi exploits in 2026. The attack directly targeted the LayerZero bridge adapter.
The attackers tricked a LayerZero packet on UniChain. Hackers compromised internal RPC nodes, and after that, they launched a DDoS attack on legitimate nodes.
These cyber attacks are continuing a long history of security incidents on bridges, including the Ronin Bridge hack of 2022, where users lost $624 million due to compromised private keys. In the same year, the Wormhole experienced a major exploitation. Just a few weeks ago, Gravity Bridge suffered a major exploitation, allowing hackers to steal $5.4 million.
Earlier, Vitalik Buterin, co-founder of the Ethereum blockchain, shared his view on the security-related issues. In 2022, Vitalik Buterin stated in a social media post, “The fundamental security limits of bridges are actually a key reason why, while I am optimistic about a multi-chain blockchain ecosystem (there really are a few separate communities with different values and it’s better for them to live separately than all fight over influence on the same thing), I am pessimistic about cross-chain applications.”
“Many people have the mentality that “if a blockchain gets 51% attacked, everything breaks, and so we need to put all our force on preventing a 51% attack from ever happening even once”. I really disagree with this style of thinking; in fact, blockchains maintain many of their guarantees even after a 51% attack, and it’s really important to preserve these guarantees,” he said.
