In 2021, losses from cryptocurrency thefts totaled $10.5 billion, according to Elliptic, up from $1.5 billion the year before. This is a story about how a simple software bug allowed the fourth-biggest cryptocurrency theft ever. Coby Moran is the lead investigator at Merkle Science, a predictive Web3 risk and intelligence platform. Wormhole bridge, for example, experienced a major hack that resulted in the loss of $321M in February 2022. Get familiar with the terms related to blockchain with Blockchain Basics Flashcards.
Memorably, the Poly Network bridge had about $611 million worth of cryptocurrency stolen last August, before the attacker gave the funds back a few days later. In all of these attacks, hackers exploited software vulnerabilities to drain funds, but the Ronin Bridge attack had a different weak point. When handling ERC-20 deposit requests, users usually provide the token address as input to the deposit function. This poses a significant risk as untrusted external calls can occur during the transaction. Implementing a whitelist that only includes the tokens supported by the bridge is a common practice to minimize risk.
Trustless blockchain enables users to keep Custody of their crypto assets and funds throughout the process. Both reliable and trustless methods may have underlying technological faults. To be more precise, a trusted bridge’s centralized feature has a primary pain point, but trustless bridges are vulnerable to flaws in the application and the underlying code.
In conclusion, the above three attacks all resulted from a defect in the verification process. Namely, the function to deposit ERC20 can be used to generate proof that allows the withdrawal of ETH at the target chain. For the Wormhole bridge, the contract failed to verify the “sysvar account” input injected by the caller. The attacker bypassed the verification process by evading the bridge contract, essentially providing proof of non-existent tokens to the bridge. This allowed the attacker direct access to the bridge’s funds without inputting any real cryptocurrency.
The particular cryptocurrency then need to be deposited to the bridge’s generated address. The blockchain bridge will deliver you the wrapped token equal to the coin’s value once it has been received at the other end. https://www.xcritical.in/blog/what-is-a-blockchain-bridge-and-how-it-works/ Ethereum, Binance bridge, Avalanche, and Polygon PoS are some of the most famous bridges available. For higher throughput at the expense of decentralization, Avalanche and Solana L1s are constructed differently.
Since blockchain assets are often not compatible with one another, bridges create synthetic derivatives that represent an asset from another blockchain. At ChainPort, bridging times average at less than 1 minute for most blockchains. One of the primary reasons for these hacks, as stated by CoinTelegraph, is open-source code and copy-pasting https://www.xcritical.in/ code. With open-source code, blackhat hackers can review a bridge’s code for vulnerabilities. If a bridge’s developer copy pastes code from another bridge, they may copy the same vulnerabilities. Finally, running an active bug bounty program can incentivize the identification and reporting of potential security vulnerabilities.
They allow users to access new protocols on other chains and enable developers from different blockchain communities to collaborate. In other words, blockchain bridges are a critical component of an interoperable future of the blockchain industry. Blockchain networks are decentralized and rely on their own governance rules and communities. While data stored on the chain is fully transparent, the infrastructure of the network is designed to serve a stand-alone ecosystem.
The most notable recent example is Wormhole, but a week before that attack, a bridge called Qubit was exploited for $80 million. Other bridges like Wormhole and Multichain are bidirectional, or two-way, meaning you can freely convert assets to and from blockchains. Just as you can send Solana to Ethereum’s blockchain, you can send ether to Solana.
Bridges have rightly earned a reputation as Web3’s weak link after a string of exploits this year. Withdrawing from a crypto bridge can vary depending on the specific platform you are using. ChainPort is a lock-and-mint bridge, meaning that if the newly minted tokens are bridged back to their original blockchain, the user will withdraw their original tokens. Hackers have focused on blockchain bridges as they store a large amount of value in the form of tokens. As per CoinTelegraph, over $2.5 billion has been stolen from blockchain bridges in the past two years. Lock and mint bridges lock the tokens on chain A after receiving them and mint new tokens at a 1-to-1 ratio on chain B.
They are called “trusted” bridges because the user must trust the central entity to act in good faith and not steal their assets. Despite their lack of decentralization, trusted bridges are usually faster and cheaper than their trustless counterparts. A blockchain bridge is a protocol connecting two blockchains to enable interactions between them. If you own bitcoin but want to participate in DeFi activity on the Ethereum network, a blockchain bridge allows you to do that without selling your bitcoin. Blockchain bridges are fundamental to achieving interoperability within the blockchain space.
Blockchain networks exist as separate communities with their economies, limiting their interactions. However, as blockchain projects and decentralized applications (dApps) grow, the demand for asset interoperability across networks increases. Both trusted and trustless approaches can have fundamental or technical weaknesses. To be more precise, the centralization aspect of a trusted bridge presents a fundamental flaw, and trustless bridges are vulnerable to exploits that stem from the software and the underlying code.
This is a means of protecting their crypto while the developers find a solution to overcome the limitations of current blockchain bridging protocols. Unfortunately, there hasn’t been a perfect solution to the conundrum the industry faces. Both trusted and trustless platforms have implicit flaws in their design and compromise the security of the blockchain bridge in their respective ways. To better understand cross-chain bridges, consider several top cryptocurrency blockchains today. Ethereum is one of the best-known smart-contract networks, enabling NFTs, cross-chain bridges, and other blockchain features.
One of the challenges with using blockchain technology, however, is the fact that different blockchain networks are not compatible with each other. This means that if two organizations are using different blockchain networks, they cannot easily exchange data or value. Firstly, you’ll need to determine the chain you want to bridge and the respective amount.