![](http://investorshub.advfn.com/images/default_ih_profile2_4848.jpg?cb=0)
Monday, April 11, 2022 4:47:27 PM
By Corin Faife@corintxt Apr 11, 2022, 8:00am EDT
What are blockchain bridges, why do they keep getting hacked, and can we ever stop it from happening?
nOn March 23rd, the Ronin blockchain network underlying the popular NFT-driven game Axie Infinity was hit with a hack that saw the attackers walk away with an eye-popping $625 million in cryptocurrency.
The Ronin hack was the largest amount of money that had ever been stolen from the type of service called a “bridge,” which connects one blockchain to another so that value can be sent between them. Unfortunately, it was far from the only hack to hit a bridge: less than two months previously, another bridge platform called Wormhole was exploited for close to $325 million, and about six months before that, more than $600 million was stolen from another cross-chain bridge called Poly. (In a surprising twist, the hacker later returned Poly’s stolen funds.)
In short, bridges are the weak point in a lot of cryptocurrency systems, and hackers are targeting them for more than $1 billion in little over a year. So it’s worth laying out exactly what they are, why they’re important, and how crypto companies can try to plug the billion-dollar hole in their pockets.
If you don’t have time to read further, the short answer to the first part is “yes, they’re vulnerable but maybe less so over time.” For the second part, the story is more complex.
(We’re assuming you know what a blockchain is already; if not, you can start here.)
SO WHAT IS A “BLOCKCHAIN BRIDGE”?
Essentially, it’s a system for connecting different blockchains, allowing users to exchange one kind of coin or token for another. Every cryptocurrency runs on its own blockchain: there’s Bitcoin, Ethereum, and newer currencies like Tether, Ripple, Solana, and so on. There’s no simple way for these different blockchains to interact — they might all use the concept of “addresses” to send and receive currency transactions, but you can’t send ETH directly to a Solana address.
A blockchain bridge is what developers have built to make that crossover a little smoother. If you’re holding ETH and you need Solana’s SOL to sign up for a game, you can send your ETH into a bridge, get SOL in return, and use the same method to convert back when you’re done playing.
WHY ARE BRIDGES PARTICULARLY VULNERABLE TO HACKS?
The short answer is that they’re handling a lot of complex requests and holding a lot of currency — and unlike the blockchains themselves, there’s no standard for how they’re supposed to keep everything secure.
Picture a blockchain bridge as an actual bridge between two islands. Each island has different rules about the type of car you can drive (maybe there’s an EV island and a regular gas island), so they won’t let you drive your car from one side to the other directly. In fact, you drive up to one side of the bridge, leave your vehicle in a parking garage, walk across, and pick up a rental car on the other side. Then, when you’re done driving around the other island, you bring your rental back to the bridge, walk across, and they hand you the keys to your car.
That means for every rental car driving around the island, there’s another car parked in the garage. Some are stored for hours, others for days, others for months, but they’re all just sitting there, and the company that operates the bridge has to keep them all safe. Meanwhile, other unscrupulous people know exactly how many cars are in the garage and are looking for ways to steal them.
Functionally, this means bridges are receiving incoming transactions in one type of cryptocurrency, locking it up as a deposit, and releasing an equivalent amount of cryptocurrency on another blockchain. When bridges get hacked, the attacker is able to withdraw money from one side of the bridge without putting anything in the other side.
Bridges are particularly tempting targets because of all the complex code, creating lots of opportunities for exploitable bugs. As CertiK founder Ronghui Gu explains: “If you’re trying to create a bridge between N different cryptocurrencies, the complexity of that is N squared,” — which means N more chances for bugs to creep in.
Crucially, these different cryptocurrencies aren’t just different units of money: they’re written in different programming languages and deployed in different virtual environments. Figuring out how these things should interact is very hard, especially for on-chain bridges that convert between multiple different coins.
HAVE BRIDGES MADE CRYPTOCURRENCY LESS SECURE OVERALL?
Probably not. Attackers are targeting bridges right now because they’re the weakest point in the system — but that’s partially because the industry has done a good job securing the rest of it. Kim Grauer, director of research at Chainalysis — a company that has produced research on DeFi thefts — told The Verge that bridge hacks are taking the place of the previous generation of damaging hacks against exchanges like Coincheck, BitMart or Mt Gox.
“IF YOU LOOKED AT OUR ECOSYSTEM JUST A FEW YEARS AGO, CENTRALIZED EXCHANGES WERE THE MAIN TARGET OF HACKS.”
“If you looked at our ecosystem just a few years ago, centralized exchanges were the main target of hacks. Every hack it was, ‘Centralized exchange goes down again,’ and the industry worked hard to have solutions that allowed us to overcome these hacking problems,” she says. “We’re seeing a lot of DeFi hacking, but I think the pace of it is actually slowing down. Definitely the rate at which this hacking is going on can’t continue for the industry to grow.”
ISN’T THE WHOLE POINT OF THE BLOCKCHAIN TO PREVENT THIS KIND OF ATTACK?
The problem is that many bridges aren’t on the blockchain at all. The Ronin bridge was set up to work “off-chain,” running as a system that interfaces with the blockchain but exists on servers that are not part of it. These systems are fast, flexible, and relatively lightweight — reducing some of the “N squared” complexity challenges — but can be hit with the same type of hacks that affect web services anywhere on the internet. (“This is not really blockchain,” Gu says. “These are ‘Web2’ servers.”)
Without the blockchain to settle transactions, the Ronin bridge relied on nine validator nodes, which were compromised through a combination of code hacks and unspecified social engineering.
There are other bridge systems that operate as smart contracts — basically, the “on-chain” alternative. It’s less likely that an attacker could subvert the code of an on-chain system through social engineering, and getting majority power over the network is extremely unlikely. The drawback is that the smart contracts themselves are highly complex, and if bugs do exist, it can be hard to update the system in a timely way. (Wormhole used an on-chain system, and the big theft occurred after hackers spotted security updates that were uploaded to GitHub but had not been deployed to the live smart contract.)
HOW DO WE STOP BRIDGES FROM GETTING HACKED?
It’s hard. The answer that came up time and time again was “code auditing.” In the type of case described above, where a project’s development team might be working across different programming languages and computing environments, bringing in outside expertise can cover blind spots that in-house talent might miss. But right now, a surprisingly large number of projects don’t have any auditor listed.
“I WOULDN’T CALL IT NECESSARILY A BUBBLE, BUT IT’S CERTAINLY A GOLD RUSH.”
Nick Selby, director of assurance practice at specialist security auditing company Trail of Bits, said that this is partly because of how fast the market has sprung up. Most companies are under huge pressure to grow, scale, and build new features to fend off competitors — which can sometimes come at the expense of diligent security work.
“We’re in, I wouldn’t call it necessarily a bubble, but it’s certainly a gold rush,” says Selby. “I think a lot of times, executives who are trying to innovate in the space will look at the desired feature outcome and say, ‘Well, this [product] does have the features I want. Therefore, it’s good.’ And there’s a lot of things they’re not looking at, so they’re not seeing them, which is where the code audit comes in.”
https://www.theverge.com/23017107/crypto-billion-dollar-bridge-hack-decentralized-finance
Recent ETHUSD News
- Analyst Says ‘Another Leg’ up Possible for Altcoin That’s Exploded 13,000%+ in Five Months – but There’s a Catch • The Daily Hodl • 07/14/2024 12:00:26 AM
- Analysts Unanimous: Solana (SOL) To Soar 100% – Details • NEWSBTC • 07/13/2024 11:00:40 PM
- More Than a Third of Ethereum Supply Worth Over $147,000,000,000 Now Staked, According to Santiment • The Daily Hodl • 07/13/2024 08:00:14 PM
- $1,640,000,000 in Crypto Assets Lost on BNB Chain Since Launch, Says Bug Bounty Platform Immunefi • The Daily Hodl • 07/13/2024 06:45:43 PM
- 180% Upside For Fetch.ai (FET)? Analyst Makes Bold Prediction Amid Market Jitters • NEWSBTC • 07/13/2024 06:30:18 PM
- ETFSwap (ETFS) and Cardano To Steer Altcoin Rally As Spot Ethereum ETFs Push Bitcoin • ZyCrypto • 07/13/2024 05:42:44 PM
- Dogecoin Sees 868% Spike In Whale Buys, Bulls Ready For Breakout Rally • NEWSBTC • 07/13/2024 04:30:55 PM
- Trader Says One Blue-Chip Memecoin Will ‘Do Big Numbers’ This Year, Updates Outlook on Bitcoin and Ethereum • The Daily Hodl • 07/13/2024 09:15:23 AM
- Is Altcoin Season Around the Corner? Bitcoin Halving Points to Potential Boom, Analyst Reveals • NEWSBTC • 07/13/2024 08:00:35 AM
- Total Depletion Of German Bitcoin Reserves: Wallet Left With Zero BTC • NEWSBTC • 07/13/2024 07:00:49 AM
- Analyst Predicts 2,750% Celestia (TIA) Price Explosion To $188, Here’s The Roadmap • NEWSBTC • 07/13/2024 05:30:16 AM
- Bitcoin Price Trajectory Remains Bearish, $49,000 Liquidity Zone Looms As Next Downside Target • NEWSBTC • 07/13/2024 04:00:47 AM
- Crypto Analyst Predicts Bitcoin Decline From Here, But What Happens Next? • NEWSBTC • 07/13/2024 01:00:18 AM
- Trader Says Top-10 Altcoin To Have a Strong Run in the Fourth Quarter, Updates Outlook on Celestia and Render • The Daily Hodl • 07/13/2024 12:00:01 AM
- Is Ethereum (ETH) About To Retest $4,000? Analyst Foresees 3x Rally • NEWSBTC • 07/12/2024 11:30:49 PM
- Here’s what happened in crypto today • Cointelegraph • 07/12/2024 09:53:15 PM
- Market Strategist Predicts 32% Stock Market Crash, How Will This Affect Crypto? • NEWSBTC • 07/12/2024 08:30:12 PM
- XRP Price Eyes Colossal 280% Breakout Amid CME Group Partnership • NEWSBTC • 07/12/2024 07:00:52 PM
- Price analysis 7/12: BTC, ETH, BNB, SOL, XRP, DOGE, TON, ADA, AVAX, SHIB • Cointelegraph • 07/12/2024 05:38:19 PM
- 6,400 Ethereum Mystery Move Sparks ETH Rally Talk Pre-ETF Nod • NEWSBTC • 07/12/2024 05:30:52 PM
- MOONHOP’s Bold Presale & Roadmap Attract Meme Enthusiasts While BRETT Gains Momentum & Ethereum NFTs Falter • ZyCrypto • 07/12/2024 04:45:13 PM
- Is $73,000 The Top For Bitcoin? Analyst Identifies Where BTC Is In This Cycle • NEWSBTC • 07/12/2024 04:00:15 PM
- Litecoin Is A Hub Of Whales: Over $2.85 Billion Of $100,000 Transactions Processed • NEWSBTC • 07/12/2024 02:30:24 PM
- Ethereum Could Continue Underperforming Bitcoin Even After Spot ETF Approval, Says Benjamin Cowen – Here’s Why • The Daily Hodl • 07/12/2024 02:30:13 PM
Cannabix Technologies and Omega Laboratories Inc. Provide Positive Developments on Marijuana Breathalyzer Testing • BLO • Jul 11, 2024 8:21 AM
ECGI Holdings Enhances Board with Artificial Intelligence (AI) Expert Ahead of Allon Apparel Launch • ECGI • Jul 10, 2024 8:30 AM
Avant Technologies to Meet Unmet Needs in AI Industry While Addressing Sustainability Concerns • AVAI • Jul 10, 2024 8:00 AM
Panther Minerals Inc. Launches Investor Connect AI Chatbot for Enhanced Investor Engagement and Lead Generation • PURR • Jul 9, 2024 9:00 AM
Glidelogic Corp. Becomes TikTok Shop Partner, Opening a New Chapter in E-commerce Services • GDLG • Jul 5, 2024 7:09 AM
Freedom Holdings Corporate Update; Announces Management Has Signed Letter of Intent • FHLD • Jul 3, 2024 9:00 AM