Cross-Chain Bridges Under Attack: the Threats and How to Mitigate the Risk

GMO-Z.com Trust Company
Dec 30, 2022

As the cryptocurrency world continues to evolve, cross-chain bridges have become essential for enabling interoperability between different blockchain networks. However, with this growing importance comes an increased risk of hacking and other security threats.

In our previous article on crypto hacks, we explored the security threats faced by the cryptocurrency world. Another area that has seen a growing number of attacks in recent years is cross-chain bridges, which enable users to transfer assets or data between different blockchain networks.

Despite the many benefits that bridges offer, they have attracted the attention of hackers and money launderers. This is unsurprising, since the total value locked (TVL) in Ethereum bridges is already around $6bn, according to data from Dune Analytics, at the time of writing.

Cross-chain bridge hacks in 2022

According to data from TRM Labs, a blockchain intelligence company, as of November 2022, $3.6 billion in funds have been stolen, with almost $2 billion being stolen through cross-chain bridge hacks. In March, the cross-network bridge of the Ronin blockchain was attacked, during which the attackers withdrew $624 million in ETH coins and USDC tokens.

Another huge episode was the hack of the Nomad protocol in the Evmos ecosystem in August. Almost all of its funds, worth around $200 million, were drained. The attack happened due to an update to one of Nomad’s smart contracts, which made it easier for people to trick the system into giving them money that didn’t belong to them.

In October, the BNB chain’s cross-chain bridge was hacked. The attacker exploited a bug in the Binance Smart Chain system to steal 2 million BNB, worth around $566 million. Around $137 million of these funds were transferred to other chains, while the rest were frozen.

These incidents show the potential vulnerabilities of cross-chain bridges and the importance of securing the systems.

But why do these hacks happen in the first place?

Challenges faced by cross-chain bridges

Cross-chain bridges undoubtedly provide many benefits, but due to their novelty, they also have disadvantages, including poor security and centralization.

As with any innovation in cryptography, bridges between chains are not 100% secure. Non-custodial bridges are open to attackers.

Vitalik Buterin, the co-founder of Ethereum, has raised concerns about the risk of hacking bridges. For Buterin, bridging is not ideal because it increases security risks in the process of transferring assets. He argues that the security trade-off arises because the attack vectors against an asset multiply across a wider network surface area as it moves through a growing number of chains and decentralized applications with different security principles.

Another issue is single points of failure/centralization. Chainalysis believes bridges are an attractive target because they often represent a central storage point for the funds that back the assets of the bridge on the receiving blockchain. This storage point becomes the target whether these funds are stored in a smart contract or in a centralized custodian. The centralization of validators has made it much easier to compromise security.

Efficient cross-chain bridge design is still an unresolved technical problem, with many new designs being developed and tested. Each of these schemes can introduce new attack vectors for hackers to exploit while best practices are still improving.

Types of cross-chain bridge hack

Blockchain bridge hacks are usually designed to release tokens on one blockchain without a corresponding deposit on another blockchain. The main ways to achieve this are as follows:

False deposit events

Often, a bridge monitors deposit events on one blockchain to initiate a transfer to another. If an attacker can generate a deposit event without making a real deposit, or by depositing a worthless token, they can drain value from the bridge at the other end.

This is exactly what happened during the Qubit hack when a deprecated deposit feature in the code allowed fake deposits in the bridge contract.

In another instance, in the BNB chain hack, the attacker used the stolen BNB to borrow stablecoins on the BNB Chain. The hack was accomplished by registering as a relayer for the BSC and forging messages on a specific block height.
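The check a relayer can run before acting on a deposit event, shown as an added example that is not code from any bridge named in this article. The receipt model, addresses, allow-list and confirmation depth are all constructed assumptions.

```python
from collections import namedtuple

# Constructed model of a source-chain receipt; field names are assumptions.
Log = namedtuple("Log", "emitter kind token sender recipient amount")
Receipt = namedtuple("Receipt", "tx_hash success confirmations logs")

# Constructed values: bridge address, token allow-list and confirmation depth.
BRIDGE = "0xbridge"
ALLOWED_TOKENS = {"0xtokena"}
MIN_CONFIRMATIONS = 12

def validate_deposit(rcpt, idx, processed):
    """Return (ok, reason) for the Deposit log at index idx of a source-chain receipt."""
    dep, key = rcpt.logs[idx], (rcpt.tx_hash, idx)
    if not rcpt.success or rcpt.confirmations < MIN_CONFIRMATIONS:
        return False, "transaction failed or not final"
    if dep.kind != "Deposit" or dep.emitter != BRIDGE:
        return False, "event not emitted by the bridge contract"
    if dep.token not in ALLOWED_TOKENS or dep.amount <= 0:
        return False, "token not allow-listed or empty amount"
    if key in processed:
        return False, "deposit already processed"
    # The token contract itself must have logged the funds entering custody.
    backed = any(l.kind == "Transfer" and l.emitter == dep.token
                 and l.sender == dep.sender and l.recipient == BRIDGE
                 and l.amount == dep.amount for l in rcpt.logs)
    if not backed:
        return False, "no matching token transfer into the bridge"
    processed.add(key)
    return True, "ok"

def demo():
    """Run the check over constructed receipts: real, unbacked, worthless token, replay."""
    real = Receipt("0x01", True, 20, (
        Log("0xtokena", "Transfer", "0xtokena", "0xalice", BRIDGE, 100),
        Log(BRIDGE, "Deposit", "0xtokena", "0xalice", BRIDGE, 100)))
    unbacked = Receipt("0x02", True, 20, (
        Log(BRIDGE, "Deposit", "0xtokena", "0xmallory", BRIDGE, 100),))
    junk = Receipt("0x03", True, 20, (
        Log("0xjunk", "Transfer", "0xjunk", "0xmallory", BRIDGE, 100),
        Log(BRIDGE, "Deposit", "0xjunk", "0xmallory", BRIDGE, 100)))
    seen = set()
    return [validate_deposit(r, len(r.logs) - 1, seen)[1]
            for r in (real, unbacked, junk, real)]
```

Only the first receipt is accepted; the event with no backing transfer, the deposit of a token outside the allow-list, and the replay of an already processed deposit are each rejected with a distinct reason.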

Fake validation

Bridges perform a deposit check before allowing a transfer. If an attacker creates a fake deposit that verifies as real, they can bypass the verification process. This was the case in the Wormhole hack when an attacker exploited a digital signature verification vulnerability to steal $326 million.

Validator interception

Some cross-chain bridges have a set of validators that vote on the approval of a particular transfer. If an attacker controls most of these validators, they can approve fake and malicious transfers. This is what happened when the Ronin Network was hacked, and the attacker took possession of 5 of the 9 bridge validators.
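A way to measure how concentrated a validator set is, shown as an added example that is not taken from any bridge's code. The 5-of-9 threshold is the figure from the text; the validator-to-operator mappings and function names are constructed assumptions.

```python
from collections import Counter

def keys_per_operator(validators):
    """validators maps validator id -> operator that holds its signing key."""
    return Counter(validators.values())

def min_operators_for_quorum(validators, threshold):
    """Fewest operators whose keys together control `threshold` validators."""
    held = 0
    # Taking the operators with the most keys first gives the minimum count.
    for n, (_, keys) in enumerate(keys_per_operator(validators).most_common(), 1):
        held += keys
        if held >= threshold:
            return n
    return None  # threshold is larger than the validator set

def quorum_reachable(validators, threshold, compromised_operators):
    """True if the compromised operators' keys alone can approve a transfer."""
    held = sum(1 for op in validators.values() if op in compromised_operators)
    return held >= threshold

# Constructed sets of 9 validators with an approval threshold of 5.
THRESHOLD = 5
CONCENTRATED = {f"v{i}": op for i, op in enumerate(
    ["opA"] * 4 + ["opB", "opC", "opD", "opE", "opF"])}
DISTRIBUTED = {f"v{i}": f"op{i}" for i in range(9)}

def report():
    """Independent operators that stand between an attacker and quorum."""
    return {
        "concentrated": min_operators_for_quorum(CONCENTRATED, THRESHOLD),
        "distributed": min_operators_for_quorum(DISTRIBUTED, THRESHOLD),
    }
```

With the same nominal 5-of-9 threshold, the concentrated set falls to two operators while the distributed set requires five, which is the number a review of validator key custody should report.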

How to prevent the risk of cross-chain bridge hacking?

There are some common measures the stakeholders of the DeFi sector could take to strengthen the security of blockchain bridges:

Improving security protocols between chains

The most important thing developers can do is to harden the security protocols of their bridges between chains. This includes the introduction of better authentication and authorization mechanisms, as well as stronger encryption protocols.

Smart contract audit

Bridges often link blockchains together through smart contracts. This makes smart contract auditing a vital component of the bridge security process. By identifying and fixing vulnerabilities before releasing the code to the blockchain, smart contract security audits could prevent many significant cross-chain bridge breaches discussed earlier.

Raising awareness and education

Stakeholders should raise awareness and education about cross-chain exploits among all users of blockchain ecosystems. This step will help them be more vigilant of potential threats and take steps to protect their funds and data.

Improve communication

Communication between stakeholders is crucial to help them share information about new threats and vulnerabilities so they can be addressed quickly. As such, stakeholders can collaborate to develop standardized security measures for the whole DeFi sector.

Lower risks and a brighter future

Cross-chain bridges are fundamental to creating an interoperable, open, and decentralized blockchain space. They have numerous benefits that allow users to quickly and efficiently transfer their assets between multiple networks.

However, we cannot deny the need to eliminate their shortcomings to end the chain of hacks that happened in 2022. Ultimately, bridges are still under development in the booming blockchain space, so there will surely be more improvements over time.

About GMO-Z.com Trust Company

Building Financial-Grade Digital Assets. The World’s First Regulated JPY-Pegged Stablecoin Issuer. Visit our website to learn more.

Disclaimer
This content is not financial advice and it is not a recommendation to buy or sell any financial instruments, FX trading, cryptocurrency or engage in any trading or other activities. You must not rely on this content for any financial decisions. Acquiring, trading, and otherwise transacting with financial instruments or cryptocurrency involves significant risks.
We strongly advise our readers to conduct their own independent research before engaging in any such activities. GMO Trust does not guarantee or imply that any cryptocurrency or activity described in this content is available or legal in any specific reader's location. It is the reader's responsibility to know the applicable laws in their country.
