Structural failure
Centralized Validator Set
A small enough validator quorum that compromise of a single party — or coordinated compromise of several — can authorise arbitrary withdrawals.
Records exhibiting this pattern
Gravity Bridge Halted After Reported $5.4M Exploit
Gravity Bridge, a Cosmos-Ethereum bridge, was reported exploited on 2026-05-31 for about $5.4 million; public reporting and analyst commentary pointed to a possible signing-key or contract-key compromise, after which the bridge was halted.
$5.4M affectedWazirX Multi-Sig Hack — July 2024
India's largest cryptocurrency exchange lost approximately $235M from a multi-sig wallet compromise attributed to North Korea's Lazarus Group. Singapore restructuring proceedings remain open.
$235.0M affectedMultichain Bridge Disappearance — July 2023
The cross-chain bridge stopped processing transactions and approximately $130M was drained from bridge contracts after its founder and CEO Zhaojun He was reportedly detained by Chinese authorities.
$130.0M affectedOFAC Sanctions on Tornado Cash — August 2022
The US Treasury added Tornado Cash smart-contract addresses to the SDN list — the first time OFAC sanctioned autonomous code rather than persons or entities — and arrested co-founder Roman Storm a year later.
Ronin Bridge Hack — March 2022
A North Korean state actor compromised 5 of 9 validator nodes on the Ronin sidechain, draining $625 million in ETH and USDC.
$625.0M affectedWormhole Bridge Hack — February 2022
A signature-verification flaw in the Solana-Ethereum Wormhole bridge allowed an attacker to mint 120,000 wETH on Solana without depositing the matching ETH — a $325 million theft that Jump Trading replenished from its own balance sheet.
$325.0M affectedPoly Network Whitehat Exploit — August 2021
A cross-chain bridge exploit drained $611 million across Ethereum, Binance Smart Chain and Polygon — the largest crypto theft to that date — and was returned in full by an anonymous attacker who styled themselves "Mr. White Hat".
$611.0M affectedBitfinex Hack — August 2016
Attackers extracted 119,756 BTC from Bitfinex segregated hot wallets, worth $72M at the time. In February 2022 the US government seized $4.7B of the proceeds and arrested the two-person laundering operation.
$72.0M affected