Nervos Network's cross-chain protocol Force Bridge suffered a significant exploit resulting in the theft of approximately $3.9 million in cryptocurrency assets. The attack was first reported on June 2, 2025, by blockchain security firm Cyvers Alerts. An unauthorized address gained control over the Force Bridge, withdrawing multiple tokens, including 60,400 DAI, 539 Ethereum (ETH), 898,300 USD Coin (USDC), 257,800 Tether (USDT), and 0.79 Wrapped Bitcoin (WBTC).
The stolen assets included roughly $3 million from the Ethereum side and an additional $800,000 from the BNB Chain. The attacker attempted numerous failed breaches over six hours before successfully draining 874 BNB (worth about $572,000) during the full-scale exploit. The illicitly obtained funds were quickly funneled through mixers such as Tornado Cash and FixedFloat to obfuscate their origin.
In response to the incident, the Nervos ecosystem partner Magickbase halted the Force Bridge service to investigate abnormal activity. The Force Bridge plays a crucial role in enabling transfers of ETH, ERC-20 tokens, and potentially NFTs between Nervos, Ethereum, and Binance Smart Chain by locking assets on source chains and issuing corresponding tokens on the Nervos network. The attack exploited an access control vulnerability, underscoring security concerns around DeFi bridges.
Security experts emphasized that the attack might have been mitigated through real-time monitoring tools designed to detect abnormal multi-chain activities early. This hack adds to a worrying trend of large-scale DeFi bridge breaches, following notable incidents like the Ronin Bridge hack ($600 million) and the Wormhole attack ($323 million). Despite high losses, the industry showed a 39% decrease in hack-related losses from April to May 2025, indicating some defensive improvements.
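
The monitoring point above can be made concrete with a small detector for the pattern this report describes: repeated failed calls against a bridge over several hours, on more than one chain, followed by a successful withdrawal. This is an added example, not code from Nervos, Magickbase or Cyvers; the record fields, sender labels, threshold and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 6 * 3600   # look-back window (the report describes about six hours of failed attempts)
MIN_FAILURES = 5      # assumed threshold; tune against the bridge's normal revert rate

def scan(events, window_s=WINDOW_S, min_failures=MIN_FAILURES):
    """Flag senders whose reverted bridge calls accumulate across chains,
    and any successful withdrawal by a sender that is still in that state."""
    failures = defaultdict(deque)   # sender -> (ts, chain) of recent reverted calls
    probing = set()                 # senders currently above the threshold
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        sender, recent = ev["sender"], failures[ev["sender"]]
        while recent and ev["ts"] - recent[0][0] > window_s:
            recent.popleft()        # drop failures older than the window
        if len(recent) < min_failures:
            probing.discard(sender)
        if ev["status"] == "reverted":
            recent.append((ev["ts"], ev["chain"]))
            if len(recent) >= min_failures and sender not in probing:
                probing.add(sender)  # early warning: raised before any funds move
                alerts.append({"kind": "probing", "sender": sender, "ts": ev["ts"],
                               "chains": sorted({c for _, c in recent})})
        elif sender in probing:
            alerts.append({"kind": "withdrawal_after_probing", "sender": sender,
                           "ts": ev["ts"], "chain": ev["chain"],
                           "value_usd": ev["value_usd"]})
    return alerts

# Constructed sample records (timestamps in seconds), not data from the incident.
SAMPLE_EVENTS = [
    {"ts": 0,     "chain": "ethereum", "sender": "0xPROBER", "status": "reverted", "value_usd": 0},
    {"ts": 1800,  "chain": "ethereum", "sender": "0xUSER",   "status": "reverted", "value_usd": 0},
    {"ts": 3600,  "chain": "ethereum", "sender": "0xPROBER", "status": "reverted", "value_usd": 0},
    {"ts": 5400,  "chain": "ethereum", "sender": "0xUSER",   "status": "success",  "value_usd": 250},
    {"ts": 7200,  "chain": "bnb",      "sender": "0xPROBER", "status": "reverted", "value_usd": 0},
    {"ts": 10800, "chain": "bnb",      "sender": "0xPROBER", "status": "reverted", "value_usd": 0},
    {"ts": 14400, "chain": "ethereum", "sender": "0xPROBER", "status": "reverted", "value_usd": 0},
    {"ts": 20000, "chain": "bnb",      "sender": "0xPROBER", "status": "success",  "value_usd": 100000},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

The "probing" alert fires on the fifth failure, before the successful withdrawal, which is the point at which an operator could pause the bridge.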