How Secure Are Cross-chain Solutions – Why CrossFi?

CrossFi_Official
Aug 18, 2022

On August 1, 2022, the Nomad DeFi project’s token bridge, a platform for sending ERC-20 tokens between compatible blockchains, saw over $190 million in crypto drained from its account by unknown hackers.

The crypto developer who goes by the username Foobar on Twitter said in a statement after the attack that it was “the first decentralized crowd-looting of a 9-figure bridge in history.” The statement is not hyperbolic in any way, considering the hundreds of addresses that received tokens from the bridge during the assault, plus the users who joined in the mass exploitation, which has left the project’s total value locked at $16,000 (according to DefiLlama), barely a pittance compared to its initial value. Moreover, only a few months ago, Nomad had raised $22 million in a seed round led by the crypto investor Polychain Capital.

This is not the first bridge to face such an attack this year. Just two weeks before, Axie Infinity’s Ronin bridge was hacked for $540 million. Its hackers gained access to the network by contacting a developer on LinkedIn and, after a long series of interviews, sending him a fake job-offer PDF that contained malware, which gave them access to his computer. Before that, more than $400 million was drained from the Solana Wormhole bridge and BNB Chain’s Qubit Finance bridge as a result of flaws in the contracts’ design and structure. The largest exploit in the history of crypto happened almost a year ago, in mid-August 2021, when the Poly Network bridge lost about $610 million in an attack, although the funds were reportedly returned.

Bridges are among the most essential tools in the crypto industry. However, the very interoperability they provide presents a major challenge for their developers. Since they connect two different networks, allowing cross-chain transfer of data and assets from one blockchain to another, they are prime targets for hackers and scammers. And most of the loopholes behind these attacks stem from technological weaknesses as well as weak fundamental security assessments.

According to the crypto security company CertiK, the Nomad breach resulted from both of the aforementioned weaknesses, fundamental and technological. The first cause of the breach was a “routine upgrade that allowed bad actors to skip verification messages,” which in turn allowed other users to join the looting spree within the bridge. In addition, the vulnerability lay in the token bridge’s initialization process, introduced by the flawed routine upgrade, which allowed users to copy and paste the original hacker’s transaction and replace the address with their own. Researchers have confirmed that within the first four hours of the attack, other hackers, then bots and finally community members joined the opportunistic mob.
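As an added illustration (not Nomad’s code and not part of the original post), the following Python model shows the class of initialization bug described above: a message verifier whose trusted root was left at its storage default by an upgrade, so that messages nobody ever proved (whose stored root also reads as that default) pass the acceptance check, placed beside a hardened verifier that rejects the default value and requires an explicit proof record. The zero-valued default, the message layout, the root values and the `VulnerableReplica`/`HardenedReplica` names are constructed assumptions for the model, not details taken from the real contracts.

```python
from dataclasses import dataclass, field
import hashlib

ZERO_ROOT = b"\x00" * 32   # storage default; constructed assumption for this model


def leaf_hash(message: bytes) -> bytes:
    """Hash of a bridge message (stand-in for the real leaf encoding)."""
    return hashlib.sha256(message).digest()


@dataclass
class VulnerableReplica:
    """'Before' state: a flawed upgrade left the trusted root at its default."""
    confirmed_root: bytes = ZERO_ROOT
    proven: dict = field(default_factory=dict)   # message hash -> root it was proven against
    processed: set = field(default_factory=set)

    def acceptable_root(self, root: bytes) -> bool:
        # Compares against the confirmed root only; the default value is
        # never treated as special, so zero == zero counts as "acceptable".
        return root == self.confirmed_root

    def process(self, message: bytes) -> bool:
        h = leaf_hash(message)
        if h in self.processed:
            return False
        # A message nobody ever proved has no entry, so its root reads as the
        # storage default. With confirmed_root also at the default, the check
        # passes and the message is executed without any proof.
        root = self.proven.get(h, ZERO_ROOT)
        if not self.acceptable_root(root):
            return False
        self.processed.add(h)
        return True


@dataclass
class HardenedReplica:
    """'After' state: default root rejected, explicit proof record required."""
    confirmed_root: bytes = ZERO_ROOT
    proven: dict = field(default_factory=dict)
    processed: set = field(default_factory=set)

    def prove(self, message: bytes, root: bytes) -> None:
        """Record that `message` was proven against `root` (proof checking itself omitted)."""
        self.proven[leaf_hash(message)] = root

    def acceptable_root(self, root: bytes) -> bool:
        if root == ZERO_ROOT:      # never trust the uninitialised value
            return False
        return root == self.confirmed_root

    def process(self, message: bytes) -> bool:
        h = leaf_hash(message)
        if h in self.processed:    # each message executes at most once
            return False
        if h not in self.proven:   # unproven messages are rejected outright
            return False
        if not self.acceptable_root(self.proven[h]):
            return False
        self.processed.add(h)
        return True


def demo() -> dict:
    """Feed the same never-proven withdrawal to both replicas.
    Message bytes and root are constructed sample input."""
    withdrawal = b"withdraw:100:" + b"\xaa" * 20   # recipient = last 20 bytes
    copied = b"withdraw:100:" + b"\xbb" * 20       # same message, different recipient
    legit_root = hashlib.sha256(b"constructed-root").digest()

    vuln = VulnerableReplica()
    hard = HardenedReplica()
    results = {
        "vulnerable_accepts_unproven": vuln.process(withdrawal),
        "vulnerable_accepts_copied_variant": vuln.process(copied),
        "hardened_rejects_unproven": not hard.process(withdrawal),
    }
    # The legitimate path still works once a real root is confirmed and proven.
    hard.confirmed_root = legit_root
    hard.prove(withdrawal, legit_root)
    results["hardened_accepts_proven"] = hard.process(withdrawal)
    results["hardened_rejects_replay"] = not hard.process(withdrawal)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of the model is that the weak verifier never asks whether the root it compares against is a real, confirmed value; the hardened one treats the storage default as untrusted and refuses to execute anything without a proof record, which is the check an upgrade review or audit should have flagged.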

Although Nomad has written on Twitter that it is “working round the clock to address the situation” and “working with law enforcement agencies to identify the accounts involved and to trace and recover the funds,” it is not a good look, both for a company that has prided itself on a “security-first, cross-chain future” and for its fellow bridges, because no right-minded individual will do business on a platform riddled with enormous risks. Hence the need for developers to find a way to combat these attacks and make bridges secure again.

Most developers are already holding high the flag in this fight against hackers and bad actors. CrossFi developers, for example, are currently building new upgrades to counter the heavy-fisted tricks of these malicious attackers: increasing cooperation with other protocols; coordinating with chain-analytics platforms and centralized exchanges (CEXs), which helps to trace and flag stolen tokens; and implementing audits and bug bounties, which help improve the health of the space. More developers, especially of bridges, should follow in their footsteps, because in the crypto industry trust is the most valuable commodity.

CrossFi is a cross-chain protocol that provides liquidity for Filecoin staking and rewards.

CrossFi Official Website: https://crossfimain.com

CrossFi DApp Address: dapp.crossfimain.com

CrossFi Official Twitter Account: https://twitter.com/globalcrossfi

CrossFi Official Discord Group: https://discord.gg/UKGSX3VBY3

CrossFi Official Global Telegram Group: https://t.me/crossfimain_en
