1 day ago
1 The cross-chain interoperability solution of the Nervos Network, called Force Bridge, seems to have experienced a serious security problem that led to the theft of about $3 million worth of digital assets.
The event, first pointed out by the on-chain security platform Cyvers Alerts, has led to an urgent investigation and the halting of Force Bridge’s operations.
Cyvers states that an unauthorised and suspicious address seems to have successfully exploited the Force Bridge, managing to temporarily seize control over its operations. The attacker managed to siphon off a significant amount of several crypto tokens, which included: 257,800 USDT, 539.09 ETH, 898,300 USDC, 60,400 DAI, and 0.79 WBTC.
Once they had the stolen money, it was converted entirely to Ethereum (ETH) — a common practice when laundering crypto, given how easy it is to buy and sell ETH. From there, the investigator followed the cash through Tornado Cash, an Ethereum mixer that obfuscates transactions from senders and receivers. Mixers are a commonly used laundering tool because they hide the origin and destination of the funds. Tornado Cash’s job is to make tracking the funds impossible.
ALERTOur system has detected multiple suspicious transactions involving @NervosNetwork.
A suspicious address appears to have taken control over the bridge, stealing ~$3M in assets:
257.8K $USDT
539.09 $ETH
898.3K $USDC
60.4K $DAI
0.79 $WBTC
All funds were swapped to $ETH and… pic.twitter.com/jA3EZVpTeN
— Cyvers Alerts 
(@CyversAlerts) June 2, 2025
Assets Laundered Through Tornado Cash
Familiar in the world of crypto crime, Tornado Cash is employed by some as a strategy for obfuscating stolen assets. By using the platform, hackers attempt to sever the connection between the original, pilfered funds and the digital vacuum cleaner’s clean output. Though Tornado Cash has been used by legitimate privacy advocates, it has become a favorite among cybercriminals. They especially seem to favor it after they’ve just pulled off some big, splashy exploit.
Tornado Cash continues to operate, despite being sanctioned by the U.S. Treasury’s Office of Foreign Assets Control (OFAC) in 2022. It functions through decentralized smart contracts—like other DeFi protocols. And those smart contracts, by design, are very difficult to shut down. Who can you appeal to if money is lost in exploits, like the one that happened to Force Bridge, and is sent to a service that can’t be turned off, where it will mix (blur the trail) with other assets in what’s now a largely unregulated marketplace?
The team at Nervos Network has moved quickly to limit any additional harm by pausing the Force Bridge contracts. They have stated that they are investigating the situation and are in the process of gathering information to determine the full extent of what happened. Although the specific weakness that was taken advantage of has not yet been disclosed, the scale of the attack—over $200 million worth of digital assets—and the precision with which it was executed suggest a very serious and very skilled hacking job.
Community Response and Future Implications
This breach adds to the burgeoning list of cross-chain protocol hacks that have plagued the crypto space in recent years. Breaches at interoperability bridges, for instance, have proven to be high-risk targets for hackers, given these protocols’ complex architectures and the vast amounts of liquidity they manage. In 2022, attacks on the Poly Network and Wormhole bridges resulted in hundreds of millions of dollars in losses, while a similar assault on the Ronin Network resulted in a more than half a billion dollar loss.
The cryptocurrency community is not taking this situation lightly. Nervos (the platform under which the affected funds were held) has received a lot of concern and even some pressure to communicate effectively with its user base during the ongoing investigation. As Jered from Cyvers (who provides real-time alerting systems for crypto platforms) pointed out, this situation really emphasizes the necessity of providing real-time alerts for any suspicious behavior before funds are moved beyond reach.
For Nervos Network, this incident will likely lead to a reevaluation of its bridge architecture and security protocols. As the team works to reestablish trust and transparency, they are advising users to be cautious and avoid using the bridge until further notice.
The hack of Force Bridge serves as another “DeFi is insecure” reminder. DeFi hackers are a growing problem, and the only way to stop or at least slow them down is to beef up security measures for DeFi applications. So far, it appears that the app was not sufficiently secured. Commentators note that hackers targeting DeFi projects are quite sophisticated.
Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.
Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news!
Bengali (Bangladesh) · 
English (United States) ·