Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The Force Bridge, a cross-chain bridge on the Nervos Network, is suspected to have been compromised, with approximately $3.7 million in assets stolen. The Nervos team has urgently suspended all contracts and is actively investigating the incident. According to the incident investigation report, malicious code was discovered in one of the Docker images. The code had been injected into Ethereum-related modules and was not part of the public source code — instead, it was embedded through a locally built Docker image. Attack method (per SlowMist): Supply Chain Attack. Reported loss: $ 3,700,000.
- chain
- ethereum
- protocol
- Force Bridge
- bug_class
- unknown
- date_occurred
- 2025-06-01
- loss_usd
- $3,700,000
- source_id
- sm:force-bridge::2025-06-01