An estimated $2 billion worth of cryptocurrencies has been stolen from cross-chain bridges across 13 separate hacks so far this year.
The attacks on cross-chain bridges account for 69% of total funds stolen, according to a recent report by blockchain data firm Chainalysis, and pose a serious risk to establishing confidence in blockchain technology.
What are cross-chain bridges?
A cross-chain bridge is a technology that enables users to transfer assets between blockchains. Bridges are intended to address the difficulty of achieving interoperability across various blockchains.
For instance, the Wormhole cross-chain bridge protocol enables users to transfer NFTs and cryptocurrencies across the various smart contract blockchains, including Solana and Ethereum.
Cross-chain bridges have also become increasingly attractive targets for hackers. Even more concerning is that bridges are currently a prominent target for North Korean-linked hackers.
Why are cross-chain bridges vulnerable?
Cross-chain bridges are desirable targets because they frequently include a central repository of funds that back the “bridged” assets on the receiving blockchain. Whether those funds are held in a smart contract or by a central custodian, that store becomes a target.
A lot of new models are being created and evaluated, and successful bridge design is still a technological problem that has to be solved.
As best practices are improved over time, these various designs provide unique attack vectors that malicious actors may take advantage of.
What actions can the industry take?
Centralized exchanges were the industry’s most frequent hacking targets until a few years ago. That has changed because these exchanges have prioritized security, and hackers are constantly seeking the newest and most exposed services to target.
Extremely rigorous code audits should become the gold standard of decentralized finance (DeFi) for those designing protocols and for investors assessing them.
While not foolproof, this could be a useful start in resolving issues like these.
Eventually, developers will be able to use the most reliable and secure smart contracts as building blocks.
Cross-chain bridges have defense mechanisms at their disposal, too. In the case of a hack, they can use blockchain technology’s transparency to look into the movement of funds and, in most cases, stop attackers from withdrawing their illicit earnings.
While bridge designs can vary, most cross-chain bridge interactions include users transmitting money in one asset to the bridge protocol, where it is subsequently locked into the contract.
A counterpart asset on the chain that the protocol bridges to is subsequently provided to the user in the corresponding amount.
In the case of Wormhole, customers often submit ETH to the protocol, where it is held as collateral, and are then granted Wormhole-wrapped ETH on Solana.
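The lock-and-mint flow described above can be modelled in a few lines, together with the backing check a monitoring job could run against publicly visible balances. This is an added example, not code from the article or from any bridge; the class and function names are hypothetical, and it assumes a single asset, integer base units and no fees.

```python
from dataclasses import dataclass, field

class BridgeError(Exception):
    """Raised when an operation is rejected by the bridge model."""

@dataclass
class LockAndMintBridge:
    # Constructed model: one asset, integer base units, no fees.
    locked: int = 0                               # collateral held in the source-chain contract
    wrapped: dict = field(default_factory=dict)   # wrapped balances on the destination chain

    def wrapped_supply(self) -> int:
        return sum(self.wrapped.values())

    def deposit(self, user: str, amount: int) -> None:
        """Lock `amount` as collateral and issue the same amount of the wrapped asset."""
        if amount <= 0:
            raise BridgeError("amount must be positive")
        self.locked += amount
        self.wrapped[user] = self.wrapped.get(user, 0) + amount

    def redeem(self, user: str, amount: int) -> None:
        """Burn wrapped units, then release the matching collateral."""
        if amount <= 0 or self.wrapped.get(user, 0) < amount:
            raise BridgeError("insufficient wrapped balance")
        self.wrapped[user] -= amount
        self.locked -= amount

def backing_shortfall(locked: int, wrapped_supply: int) -> int:
    """Monitor check: wrapped units not covered by locked collateral (0 when fully backed)."""
    return max(0, wrapped_supply - locked)

def demo() -> dict:
    bridge = LockAndMintBridge()
    bridge.deposit("alice", 5)
    bridge.deposit("bob", 3)
    bridge.redeem("alice", 2)
    healthy = backing_shortfall(bridge.locked, bridge.wrapped_supply())
    # Constructed observation: the collateral balance reads lower than the wrapped supply.
    drained = backing_shortfall(locked=1, wrapped_supply=bridge.wrapped_supply())
    return {"locked": bridge.locked, "wrapped": bridge.wrapped_supply(),
            "healthy_shortfall": healthy, "drained_shortfall": drained}

if __name__ == "__main__":
    print(demo())
```

A non-zero shortfall means wrapped units are in circulation without matching collateral, which is the condition an alert on the locked funds should fire on.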
Bridges and other cryptocurrency providers should spend money on security precautions and training.
For instance, sophisticated social engineering techniques that prey on people’s trust and negligence in order to infiltrate corporate networks have long been a preferred attack strategy, especially among hackers with ties to North Korea.
Teams should get training on these dangers and warning signs.