DeFi whales have millions ‘forgotten’ in bridge contracts: Arkham

Share via:


Several identified crypto addresses have millions of dollars either “stuck” or “forgotten” about in at least two large bridge contracts, according to blockchain intelligence firm Arkham.

“There are dozens of accounts with 6-7 figures stuck in bridge contracts, forgotten about,” said Arkham in an April 22 X post., including wallets connected to Ethereum co-founder Vitalik Buterin, crypto exchange Coinbase, and several DeFi whales.

The firm attached two screenshots of fund transfers to and from the Arbitrum and Optimism bridges to support their case.

Source: Arkham Intelligence

Arkham noted a wallet that received 50 Ether (ETH) from Buterin has had $1.05 million stuck in the Optimism bridge for seven months now. If the address is owned by Buterin, it would represent a small fraction of his $789 million cryptocurrency portfolio, according to Arkham’s data.

Another wallet linked to Bofur Capital, which shares the same name as a Celsius creditor, has $1.8 million in wrapped-Bitcoin (WBTC) stuck in the Arbitrum bridge, which hasn’t moved in 27 months, while Thomasg.eth — the pseudonymous founder behind decentralized air transportation solution Arrow — has $800,000 in Ether stuck in the Arbitrum bridge.

Furthermore, Coinbase tried to bridge $75,000 in USD Coin (USDC) to Ethereum six months ago via the Optimism bridge, but it hasn’t been claimed on Ethereum’s base layer yet, Arkham said.

Related: Wormhole bridge hacker from 2022 was briefly eligible for the recent airdrop

There is, however, also a possibility that the owners behind these wallets still have complete control of the funds and have voluntarily chosen to park the funds there for the time being.

Cross-chain bridges play an important part in modular blockchain networks like Ethereum, which prioritizes data availability and security on the base layer and offloads transaction responsibilities to layer 2s.

However, bridges have become a honeypot site for hackers, as they are often automated by potentially vulnerable smart contracts or a highly centralized validator set.

For example, the $650 million Ronin bridge hack orchestrated by North Korea’s state-backed Lazarus Group came after it obtained access to five of the nine private keys held by transaction validators in March 2022.

Magazine: ‘SEAL 911’ team of white hats formed to fight crypto hacks in real time