Quadriga Initiative Logo.png

QUADRIGA INITIATIVE

CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM

A COMMUNITY-BASED, NOT-FOR-PROFIT

$3 760 000 USD

JUNE 2025

GLOBAL

FORCE BRIDGE

DESCRIPTION OF EVENTS

Force Bridge is a cross-chain protocol developed on the Nervos Network to enable seamless asset transfers and interoperability between otherwise isolated blockchains. By leveraging smart contracts and token wrapping technology, Force Bridge facilitates decentralized finance (DeFi) operations across multiple blockchain ecosystems. It initially launched with support for Ethereum and ERC-20 tokens such as USDT, USDC, and DAI, and aims to expand compatibility to networks like Bitcoin, Cardano, TRON, EOS, and Polkadot, offering broad cross-chain functionality within a unified framework.

 

Launched on Nervos mainnet in 2021, Force Bridge represents a strategic milestone in Nervos’s roadmap toward creating an interconnected blockchain ecosystem. Nervos positioned the bridge as a foundational piece of its multi-chain infrastructure, alongside other tools like Godwoken and Polyjuice. These components are designed to support "Universal Applications"—decentralized apps that can operate across multiple blockchains without being limited by their native platforms. This architecture allows developers and users to engage in multi-chain transactions securely and efficiently, without compromising on decentralization or usability.

 

The significance of Force Bridge extends beyond technical functionality; it also reflects Nervos’s broader vision of building a modular, scalable network that supports a global blockchain ecosystem. Backed by major players like China Merchants Bank International and Sequoia China, and integrated with China’s Blockchain-based Services Network (BSN), Nervos has attracted institutional interest. Additionally, Nervos’s collaboration with IOHK on a bridge to Cardano and the launch of a $50 million ecosystem fund further highlight its commitment to fostering cross-chain development and DeFi innovation.

 

Prior to this incident, developers had shared a plan to sunset the project by November 2025. Magickbase had announced plans to sunset Force Bridge, citing low user activity and high maintenance costs in a notice published May 31.

 

"Over the past few years, Force Bridge and Godwoken have played pivotal roles in expanding the Nervos CKB ecosystem — enabling multi-chain asset interoperability, EVM compatibility, and DApp development. These two products marked Nervos' first major steps toward a layered architecture and cross-chain infrastructure.

 

However, as the industry evolves and the ecosystem pivots toward UTXO-native capabilities, off-chain services, and value-centric automation, it's time to sunset these early-stage components to make way for the next era of Nervos."

 

The Force Bridge exploit was a carefully orchestrated attack that leveraged admin-level access control vulnerabilities rather than a traditional code exploit. The attacker managed to systematically unlock and transfer assets across Ethereum and BNB Chain, using privileged functions like unlock() that are typically restricted to trusted operators. This level of access suggests the attacker either had stolen keys, obtained credentials through social engineering, or was potentially someone with insider knowledge. What makes the attack more suspicious is its precise timing—it occurred just hours after Magickbase, the Force Bridge operator, announced the protocol’s planned sunset.

 

Technically, the exploit unfolded in multiple stages. On June 1st, the attacker made several failed attempts on Ethereum before successfully executing transactions totaling over $3.1 million. The pattern was repeated on BNB Chain, where another $634,000 was drained. Each stage of the attack was preceded by funding transactions to dedicated wallets from KuCoin, with addresses specifically set up for each chain. Once the assets were unlocked and moved, they were immediately laundered through Tornado Cash and FixedFloat, leaving minimal trace and no opportunity for recovery. The transactions showed no signs of complex mechanisms like flash loans—just direct, efficient use of illicit privileges.

 

Forensics from Hacken and Cyvers further confirmed the methodical nature of the breach. The attacker’s wallet activity began shortly after the Force Bridge sunset announcement, suggesting rapid mobilization—possibly by someone already aware of the protocol’s internal structure or possessing credentials. The absence of communication from Force Bridge itself (which lacked a public presence) and the sole reliance on Magickbase’s social media to disclose the incident added to concerns about transparency. With no official post-mortem and the Nervos Foundation shifting public focus to other projects, the exploit’s narrative remains one of mystery, raising serious questions about operational security, shutdown procedures, and trust in legacy DeFi infrastructure.

 

Rekt News reports $3.76 million. The Block reports losses over $3m, which they break down as "about 257,800 USDT, 539.09 ETH ($1.35 million), 898,300 USDC, 60,400 DAI, and 0.79 wrapped bitcoin worth roughly $83,000".

 

CyversAlert provides a break-down of the asserts which were taken: 257.8K $USDT 539.09 $ETH 898.3K $USDC 60.4K $DAI 0.79 $WBTC

 

The community reaction to the Force Bridge exploit was a mix of suspicion, frustration, and resignation. Many observers were struck by the highly coincidental timing of the attack—coming just hours after Magickbase announced plans to sunset the bridge—leading to speculation that the exploit may have involved insider knowledge or compromised administrative credentials. The lack of a timely and direct response from the official Nervos Foundation only fueled further skepticism. Instead of addressing the exploit directly, the Foundation issued general messaging about decentralization and future plans, which some viewed as an attempt to deflect responsibility.

 

Community members on platforms like REKT and Twitter expressed concern over the lack of operational discipline and questioned the transparency of the shutdown process. Some called for stronger security practices around decommissioning protocols, especially those that retain admin keys post-deployment. Others highlighted how Force Bridge’s quiet operational presence—no official Twitter account or consistent updates—left users vulnerable and uninformed during a critical moment.

 

Despite the lack of a definitive explanation, most of the blockchain community seemed to interpret the event as a cautionary tale about the dangers of centralized control within DeFi bridges. The exploit reinforced the need for proper key management, open communication, and thorough offboarding protocols for legacy infrastructure. While conspiracy theories about an "inside job" circulated, many leaned toward the theory that someone with previously obtained credentials acted quickly upon seeing the sunset announcement, exploiting a narrow window of opportunity.

 

It does not appear that any funds have been recovered for affected users.

 

While Magickbase, the infrastructure partner managing the bridge, acknowledged the exploit and paused the service, no detailed post-mortem has been released. Blockchain security firms like Cyvers and Hacken continue to analyze wallet activity and transaction trails, but the core questions—how the attacker gained admin-level access and whether any internal party was involved—are still unanswered. This uncertainty has left the door open for speculation, and until a definitive explanation is provided, trust in the handling of the incident remains shaky.

 

The Nervos Foundation has distanced itself from direct involvement in Force Bridge’s operation, instead highlighting the decentralized nature of its network. However, this response has been seen by some as evasive, especially since the exploit affected users and assets within the broader Nervos ecosystem. The lack of direct communication from Force Bridge—given it had no official presence—has further frustrated users. Community members are still seeking clarity on whether proper procedures were followed during the sunset process and why critical access controls weren’t revoked ahead of time.

 

Explore This Case Further On Our Wiki

Force Bridge, a cross-chain protocol on the Nervos Network, was developed to enable interoperability between blockchains like Ethereum and BNB Chain using smart contracts and token wrapping. Initially praised for expanding Nervos’s DeFi and multi-chain ecosystem, Force Bridge faced a dramatic downfall following a $3.76 million exploit just hours after its planned sunset was announced by Magickbase, citing low activity and high costs. The attack exploited admin-level privileges—likely through compromised credentials or insider access—raising serious concerns about operational security and transparency. With no official post-mortem or fund recovery, the incident has fueled community suspicion and highlighted the dangers of centralized control in DeFi infrastructure.

Magick Base - "We’ve detected abnormal activity on #ForceBridge and have paused the service as a precaution. Our team is investigating. Updates will be shared ASAP. Thank you for your patience." - Twitter/X (Jun 10)
Hackers drain over $3 million in crypto from Nervos Network’s Force cross-chain bridge, say security analysts - The Block (Jun 10)
CyversAlert - "ALERT: Our system has detected multiple suspicious transactions involving @NervosNetwork. A suspicious address appears to have taken control over the bridge, stealing ~$3M in assets: 257.8K $USDT, 539.09 $ETH, 898.3K $USDC, 60.4K $DAI, 0.79 $WBTC. All funds were swapped to $ETH and sent to @TornadoCash. The team has paused all contracts and is actively investigating the incident." - Twitter/X (Jun 10)
Magick Base - "Hey Vanguards in the community, Thank you for your continued support of the CKB ecosystem. Today, we’re sharing an important update about two of our early infrastructure pillars: Force Bridge and Godwoken. They will officially begin sunsetting on 2025/06/01." - Twitter/X (Jun 10)
Extractor Web3 - "Security Alert Nervos Network's ForceBridge was exploited due to Access Control vulnerability for $3.9m worth of assets ($3.1m on ETH and $800k on BNB Chain)! There was failed attempt to execute an attack 6 hours prior to successful one." - Twitter/X (Jun 10)
Explained: The Force Bridge Hack (June 2025) - Halborn (Jun 10)
Initial Funding With 0.12367348 ETH - EtherScan (Jun 10)
Attacker Address - EtherScan (Jun 10)
Initial Funding With 0.49 BNB - BSCScan (Jun 10)
Attacker Address - BSCScan (Jun 10)
Running CKB - "Like many of you, we are eagerly awaiting further developments in regard to the hack of Force Bridge. We pride ourselves in living by the mantra of "don't trust, verify" and in this moment it is very clear that somewhere along the way, meeting the market led to adoption of designs that compromised on this absolutely essential principle. The motivation to shut down Godwoken & Force Bridge was to eliminate dormant risks, which this hack immediately brought to light." - Twitter/X (Jun 10)
First Failed Transaction (Reverted) - EtherScan (Jun 10)
First Successful Transaction For ETH,USDC,WBTC,USDT, and DAI - EtherScan (Jun 10)
Second Successful Transaction For 4.22885909 WBTC - EtherScan (Jun 10)
First Failed Transaction (Reverted) - BSCScan (Jun 10)
First Successful Transaction For 873.93788 BNB - BSCScan (Jun 10)
Second Successful Transaction For USDC, BTCB, BSC-USD, and BUSD - BSCScan (Jun 10)
End of an Era: Force Bridge Sunset - Force Bridge Sunset (Jun 10)
Sunset of Force Bridge and Godwoken - Sunset.ForceBridge.com (Jun 10)
Force Bridge UI/UX Design Contest Winners - Start With Nervos (Jun 10)
Nervos Network Homepage (Jun 10)
Public blockchain Nervos launches cross-chain ‘Force Bridge’ on mainnet - Forkast News (Jun 10)
What is Force Bridge? - Start With Nervos (Jun 10)
Force Bridge - CypherHunter (Jun 10)
CKB Eco Fund - "Don't trust, verify" - Twitter/X (Jun 10)
Securely Manage Your CKB Assets with Ease - Neuron (Jun 10)
Magickbase - GitHub (Jun 10)
Nervos Network - Twitter/X (Jun 10)
A Deep Dive Into the Tokenomics of Nervos Network - Nervos.org (Jun 10)
Nervos Network - Messari.io (Jun 10)
Nervos Network’s Force Bridge Loses $3 Million in DeFi Exploit - CryptoTimes (Jun 10)
Media Kit - Nervos.org (Jun 10)
Nervos Nation - Twitter/X (Jun 10)
Nervos Network - Reddit (Jun 10)
https://x.com/magickbase/status/1929480862698987786 (Jun 16)
https://x.com/magickbase/status/1932286601713123736 (Jun 24)
https://x.com/SlowMist_Team/status/1932292870725324826 (Jun 24)

Sources And Further Reading

More case studies

MegaETH Nigga Coin Launch
After Twitter/X Account Hack

Mehdi Farooq Alex Lin Zoom
Phishing Drains Life Savings

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.