A US$11 million blockchain exploit last month has reignited questions about how secure today’s cross-chain infrastructure really is.
In October 2025, the Garden bitcoin bridge suffered a roughly US$11 million loss after one of its solvers was compromised. These solvers essentially act as market makers for the protocol.
Attackers once again targeted weaknesses between networks, not the chains themselves, exposing how interoperability remains the blockchain industry’s most fragile layer.
A few months ago, in June 2025, Taiwanese cryptocurrency exchange BitoPro disclosed it was the victim of a calculated cyber-attack that resulted in the theft of another US$11 million in digital assets. The breach occurred on May 8 during a routine upgrade of its hot wallet infrastructure.
Then, threat actors believed to be from the Lazarus Group seized the moment and exploited the routine upgrade operation to carry out unauthorized withdrawals across multiple blockchains, including Ethereum, Solana, Polygon and Tron.
Techniques used in the May 2025 breach mirrored those seen in Lazarus-linked operations, including SWIFT system exploits and previous exchange hacks. While investigators found no evidence of insider involvement, they confirmed that the perpetrators used social engineering tactics to infect a cloud operations employee’s device with malware, exploiting hijacked AWS session tokens to bypass multi-factor authentication (MFA) and seize control of BitoPro’s cloud infrastructure.
Are cross-chain or multi-chain security flaws inherent to the infrastructure? What can be done about these flaws? CybersecAsia.net finds out from Wesley Crook, CEO, FP Block…
In light of recent blockchain exploits, how secure is cross-chain infrastructure relative to other financial/banking/payments infrastructure today?
Crook: I suppose the key problem with blockchain exploits is the decentralized infrastructure that means there is often no obvious method of recourse for affected users.
With common financial and payment infrastructure like PayPal, Stripe, or SWIFT, there are available remedies for error, exploit, or fraud, but with blockchain, once something is written into code, it is irrevocable without huge disruption to the entire system.
Why do bridge exploits keep happening? What underlying design flaws do they expose?
Crook: The frequency and impact of bridge exploits have significantly reduced over the years, but I do think the proliferation of AI is going to accelerate the discovery of latent vulnerabilities in blockchain and smart contract code due to the ability for potential hackers to analyze and assess unprecedented amounts of information for weaknesses.
How can these risks and losses be mitigated?
Crook: Firstly, these risks and losses can be mitigated by leaving no stone unturned in the construction of platforms and smart contracts and committing to regularly auditing and updating their code on an ongoing basis.
Next, what blockchain app builders need is a high‑performance blockchain development framework designed to remove the traditional barriers of blockchain architecture.
Besides being able to launch production‑ready blockchain applications in days, not months, you also need a platform that offers instant integration of external data and on‑demand block production, to give you unmatched control, flexibility, and scalability by eliminating the need for rigid smart contract frameworks and unreliable shared infrastructure.
What standards are emerging to make multi-chain infrastructure audit-ready, and what do they mean for the future of blockchain and crypto?
Crook: At FP Block, we built Kolme to solve these problems, allowing founders to launch their own dedicated chains for their applications that don’t rely on external infrastructure providers — giving the power of blockchain while eliminating traditional bottlenecks for both builders and potential users.
We think this move toward a singular standard is important for blockchain and crypto to be more widely integrated into a larger suite of products.
