How Blockchain Bridges Became Hackers’ Prime Targets
Nearly a billion dollars in crypto assets have been stolen from blockchain bridges in 2022.
By: DappRadar • DeFi Research
The crypto industry has evolved into an ecosystem interconnecting several Layer-1 (L1) blockchains and Layer-2 (L2) scaling solutions with unique capabilities and trade-offs.
Networks like Fantom, Terra, or Avalanche have become rich in DeFi activity, while play-to-earn dapps like Axie Infinity and DeFi Kingdoms sustain entire ecosystems like Ronin and Harmony. These blockchains have risen as serious alternatives to Ethereum’s gas fees and relatively slow transaction times. The need for an easy way to move assets between protocols on disparate blockchains became more critical than ever.
This is where blockchain bridges come in.
As a result of the multichain scenario, the Total Value Locked (TVL) across all DeFi dapps skyrocketed. At the end of March 2022, the industry’s TVL was estimated at $215 billion, 156% higher than March 2021. The amount of value locked and bridged in these DeFi dapps lured the attention of malicious hackers, and the latest trend suggests that attackers might have found a weak link in blockchain bridges.
According to the Rekt database, $1.2 billion in crypto assets were stolen in Q1 2022, representing 35.8% of all-time stolen funds according to the same source. Interestingly, at least 80% of the lost assets in 2022 have been stolen from bridges.
One of the most severe attacks occurred two weeks ago when the Ronin bridge was hacked for $540 million. Before that, the Solana Wormhole and BNB Chain’s Qubit Finance bridge were exploited for more than $400 million in 2022. The largest hack in the history of crypto occurred in August 2021 when the PolyNetwork bridge was exploited for $610 million, though the stolen funds were later returned.
Bridges are one of the most valuable tools in the industry, but their interoperable nature presents an important challenge for the projects building them.
Understanding Blockchain Bridges
Analogous to Manhattan’s bridges, blockchain bridges are platforms that connect two different networks, enabling a cross-chain transfer of assets and information from one blockchain to another. In this way, cryptocurrencies and NFTs are not siloed within their native chains but can be “bridged” across different blockchains, multiplying the options to utilize these assets.
Thanks to bridges, Bitcoin is used in smart contract-based networks for DeFi purposes, or an NFL All Day NFT can be bridged from Flow to Ethereum to be fractionalized or used as collateral.
There are different approaches when it comes to transferring assets. As their name suggests, Lock-and-Mint bridges work by locking the original assets inside a smart contract on the sending side while the receiving network mints a replica of the original token on the other side. If Ether is bridged from Ethereum to Solana, the Ether in Solana is just a “wrapped” representation of the crypto, not the actual token itself.
Figure: lock-and-mint mechanism (source: MakerDAO)
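The lock-and-mint flow above, as an added toy model that is not DappRadar’s code or any real bridge’s: a mint on the receiving chain is only honoured for a lock event that enough authorised signers attested and that has not been processed before, and a monitor-style invariant checks that the wrapped supply never exceeds the collateral actually locked. Signer names and amounts are constructed.

```python
# Added example, not DappRadar's or any bridge's code: a toy model of a
# lock-and-mint bridge that ties every mint on the receiving chain to an
# attested lock on the sending chain. Signer names are constructed.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class LockEvent:
    event_id: str    # unique deposit id emitted by the sending-chain vault
    recipient: str   # receiving-chain address that gets the wrapped token
    amount: int      # amount locked, in the smallest unit


@dataclass
class LockAndMintBridge:
    signers: frozenset          # validators allowed to attest lock events
    threshold: int              # attestations required before minting
    locked: int = 0             # collateral held in the sending-chain vault
    minted: int = 0             # wrapped supply on the receiving chain
    consumed: set = field(default_factory=set)
    balances: dict = field(default_factory=dict)

    def lock(self, event_id, recipient, amount):
        # Sending side: assets enter the vault and a lock event is emitted.
        self.locked += amount
        return LockEvent(event_id, recipient, amount)

    def mint(self, event, attestations):
        # Receiving side: mint the wrapped replica only for an event that
        # enough authorised signers attested and that was not minted before.
        valid = set(attestations) & self.signers
        if len(valid) < self.threshold:
            raise PermissionError("insufficient valid attestations")
        if event.event_id in self.consumed:
            raise ValueError("replayed lock event")
        self.consumed.add(event.event_id)
        self.minted += event.amount
        self.balances[event.recipient] = self.balances.get(event.recipient, 0) + event.amount
        return self.balances[event.recipient]

    def burn(self, holder, amount):
        # Reverse path: burning wrapped tokens releases the same collateral.
        if self.balances.get(holder, 0) < amount:
            raise ValueError("insufficient wrapped balance")
        self.balances[holder] -= amount
        self.minted -= amount
        self.locked -= amount
        return self.locked

    def backed(self):
        # Solvency invariant a bridge monitor should alert on: the wrapped
        # supply must never exceed the collateral actually locked.
        return self.minted <= self.locked
```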
While the lock-and-mint approach is the most popular bridging method, there are other ways to complete the asset transfer like ‘burn-and-mint’ or atomic swaps self-executed by a smart contract to interchange assets between two networks. Connext (formerly xPollinate) and cBridge are bridges that rely on atomic swaps.
From a security standpoint, bridges can be classified into two main groups: trusted and trustless. Trusted bridges are platforms that rely on a third party to validate transactions but, more importantly, to act as custodians of the bridged assets. Examples of trusted bridges can be found in almost all blockchain-specific bridges like the Binance Bridge, Polygon POS Bridge, WBTC Bridge, Avalanche Bridge, Harmony Bridge, Terra Shuttle Bridge, and specific dapps like Multichain (formerly Anyswap) or Tron’s Just Cryptos.
Conversely, platforms that rely purely on smart contracts and algorithms to custody assets are trustless bridges. The security factor in trustless bridges is tied to the underlying network where the assets are being bridged, i.e., where the assets are locked. Trustless bridges can be found in NEAR’s Rainbow Bridge, Solana’s Wormhole, Polkadot’s Snow Bridge, Cosmos IBC, and platforms like Hop, Connext, and Celer.
At first glance, it might look like trustless bridges offer a more secure option for transferring assets between blockchains. However, both trusted and trustless bridges face different challenges.
Limitations of Trusted and Trustless Bridges
The Ronin bridge operates as a centralized trusted platform. This bridge uses a multisig wallet for custody of the bridged assets. In short, a multisig wallet is an address that requires two or more cryptographic signatures to approve a transaction. In Ronin’s case, the sidechain has nine validators that need five different signatures to approve deposits and withdrawals.
Other platforms use the same approach but diversify the risk better. For instance, Polygon relies on eight validators and requires five signatures. The five signatures are controlled by different parties. In the case of Ronin, four signatures were held by the Sky Mavis team alone, creating a single point of failure. After the hacker managed to control the four Sky Mavis signatures at once, only one more signature was needed to approve the withdrawal of assets.
On March 23, the attacker gained control over the Axie DAO’s signature, the final piece required to complete the attack. 173,600 ETH and 25.5 million USDC were drained from Ronin’s custodian contract in two different transactions in the second-largest crypto attack ever. It is also worth noting that the Sky Mavis team found out about the hack almost a week later, showing that Ronin’s monitoring mechanisms were at the very least deficient, revealing another flaw in this trusted platform.
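The signer distribution described for Ronin and Polygon, as an added example that is not part of the DappRadar article: the code measures how many distinct organisations must be compromised before a multisig threshold is reachable, and goes one step beyond the text by counting signatures with a per-organisation cap so that one party cannot supply most of the threshold. Key labels and the holders of the four Ronin keys the article does not name are constructed placeholders, assumed to be distinct organisations.

```python
# Added example, not from the DappRadar article or any bridge: measure how
# many distinct organisations must be compromised to reach a multisig
# threshold, and apply a per-organisation cap when counting signatures.
from collections import Counter

# Ronin per the article: 9 validator keys, 5-of-9 threshold, 4 keys held
# by Sky Mavis and 1 by the Axie DAO. The remaining holders are constructed
# placeholders, assumed here to be distinct organisations.
RONIN_KEY_OWNERS = {
    "k1": "SkyMavis", "k2": "SkyMavis", "k3": "SkyMavis", "k4": "SkyMavis",
    "k5": "AxieDAO",
    "k6": "orgA", "k7": "orgB", "k8": "orgC", "k9": "orgD",
}
# Polygon per the article: 8 validators, 5 signatures, held by different
# parties. Party names are constructed placeholders.
POLYGON_KEY_OWNERS = {f"k{i}": f"party{i}" for i in range(1, 9)}


def min_orgs_to_reach(key_owners, threshold):
    """Smallest number of organisations whose combined keys meet the
    threshold. Taking the largest key holders first is optimal here."""
    held = 0
    ranked = Counter(key_owners.values()).most_common()
    for n, (_org, count) in enumerate(ranked, start=1):
        held += count
        if held >= threshold:
            return n
    return None  # threshold not reachable even with every key


def counted_signatures(key_owners, signing_keys, max_per_org):
    """Count signatures toward the threshold, crediting at most
    max_per_org keys from any single organisation; unknown keys ignored."""
    per_org = Counter(key_owners[k] for k in signing_keys if k in key_owners)
    return sum(min(c, max_per_org) for c in per_org.values())


def approves(key_owners, threshold, signing_keys, max_per_org=None):
    """Approval decision. With max_per_org=None every valid key counts
    (the plain threshold rule); with a cap, one organisation cannot
    supply most of the threshold on its own."""
    cap = max_per_org if max_per_org is not None else len(key_owners)
    return counted_signatures(key_owners, signing_keys, cap) >= threshold
```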
While centralization presents a fundamental flaw, trustless bridges are prone to exploits due to bugs and vulnerabilities in their software and coding.
The Solana Wormhole, a platform that enables cross-chain transactions between Solana and Ethereum, suffered an exploit in February 2022, where $325 million was stolen due to a bug in Solana’s custodian contracts. A bug in the Wormhole contracts allowed the hacker to deceive the cross-chain validators. The attacker sent 0.1 ETH from Ethereum into Solana to trigger a set of “transfer messages” that tricked the program into approving a supposed 120,000 ETH deposit.
The Wormhole hack happened after Poly Network was exploited for $610 million in August 2021 due to flaws in the contracts’ taxonomy and structure. Cross-chain transactions in this dapp are approved by a centralized group of nodes called “keepers” and validated on the receiving network by a gateway contract. In this attack, the hacker was able to gain privileges as a keeper and thus deceived the gateway by setting its own parameters. The attacker repeated the process in Ethereum, Binance, Neo, and other blockchains to extract more assets.
All Bridges Lead To Ethereum
Ethereum remains the most dominant DeFi ecosystem in the industry, accounting for almost 60% of the industry’s TVL. At the same time, the rise of different networks as alternatives for Ethereum’s DeFi dapps sparked the cross-chain activity of blockchain bridges.
The largest bridge in the industry is the WBTC bridge, which is custodied by BitGo, Kyber, and Republic Protocol, the team behind RenVM. Since Bitcoin tokens are not technically compatible with smart contract-based blockchains, the WBTC bridge “wraps” the native Bitcoin, locks it in the bridge custodian contract and mints its ERC-20 version on Ethereum. This bridge became tremendously popular in DeFi Summer and now holds around $12.5 billion worth of Bitcoin. WBTC allows BTC to be used as collateral in dapps like Aave, Compound, and Maker, or to yield farm or earn interest in multiple DeFi protocols.
Multichain, formerly known as Anyswap, is a dapp that offers cross-chain transactions to more than 40 blockchains with a built-in bridge. Multichain holds $6.5 billion across all connected networks. However, the Fantom bridge to Ethereum is by far the largest pool with $3.5 billion locked. During the second half of 2021, the Proof-of-Stake network established itself as a popular DeFi destination with attractive yield farms involving FTM, various stablecoins, or wETH like those found on SpookySwap.
Unlike Fantom, most L1 blockchains use an independent direct bridge to connect networks. The Avalanche bridge is mostly custodied by the Avalanche Foundation and is the largest L1<>L1 bridge. Avalanche boasts one of the most robust DeFi landscapes with dapps like Trader Joe, Aave, Curve, and Platypus Finance.
The Binance bridge also stands out with $4.5 billion in assets locked, followed closely by Solana Wormhole with $3.8 billion. Terra’s Shuttle Bridge secures only $1.4 billion despite being the second-largest blockchain in terms of TVL.
Similarly, scaling solutions like Polygon, Arbitrum, and Optimism are also among the most significant bridges in terms of assets locked. The Polygon POS Bridge, the main entry point between Ethereum and its sidechain, is the third-largest bridge with almost $6 billion custodied. Meanwhile, the liquidity in the bridges of popular L2 platforms such as Arbitrum and Optimism is also on the rise.
Another bridge worth mentioning is the Near Rainbow bridge, which aims to solve the famous interoperability trilemma. This platform that connects Near and Aurora with Ethereum may present a valuable opportunity to achieve security in trustless bridges.
Improving Cross-Chain Security
Both trusted and trustless bridges, the two approaches to custodying bridged assets, are prone to fundamental and technical weaknesses. Still, there are ways to prevent and diminish the impact caused by malicious attackers targeting blockchain bridges.
In the case of trusted bridges, it is clear that the ratio of signers required must be increased, while also keeping multisig keys distributed across different wallets. And even though trustless bridges remove the risks related to centralization, bugs and other technical constraints present risky situations, as shown by the Solana Wormhole or the Qubit Finance exploits. Thus, it is necessary to implement off-chain actions to protect cross-chain platforms as much as possible.
Cooperation between protocols is needed. The Web3 space is characterized by its bonded community, so having the brightest minds in the industry working together to make the space a more secure place would be the perfect scenario. Animoca Brands, Binance, and other Web3 brands raised $150 million to help Sky Mavis diminish the financial impact of the Ronin’s bridge hack. Working together for a multichain future can push interoperability to the next level.
Likewise, coordination with chain analytics platforms and centralized exchanges (CEXs) should help trace and flag stolen tokens. This condition might disincentivize criminals in the mid-term, as the gateway to cash out crypto for fiat should be controlled by KYC procedures in established CEXs. Last month, a couple of 20-year-olds were legally sanctioned after scamming people in the NFT space. It is fair to ask for the same treatment for identified hackers.
Audits and bug bounties are another way of improving the health of any Web3 platform, including bridges. Certified organizations like Certik, Chainsafe, Blocksec, and several others help make Web3 interactions safer. All active bridges should be audited by at least one certified organization.
Meanwhile, bug bounty programs create a synergy between the project and its community. White-hat hackers play a vital role in identifying vulnerabilities before malicious attackers do. For instance, Sky Mavis has recently launched a $1 million bug bounty program to strengthen its ecosystem.
The surge of L1 and L2 solutions as holistic blockchain ecosystems challenging Ethereum dapps has created the need for cross-chain platforms to move assets between networks. This is the essence of interoperability, one of the pillars of Web3.
Nonetheless, the current interoperable scenario relies on cross-chain protocols rather than a multichain approach, a scenario about which Vitalik issued words of caution at the start of the year. The need for interoperability in the space is more than evident. Still, more robust security measures in this type of platform are needed.
Unfortunately, the challenge will not be overcome easily. Both trusted and trustless platforms present flaws in their design. These inherent cross-chain flaws have become noticeable: more than 80% of the $1.2 billion lost in hacks in 2022 has come through exploited bridges.
In addition, as the value in the industry keeps increasing, hackers are getting more sophisticated too. Traditional cyberattacks like social engineering and phishing attacks have adapted to the Web3 narrative.
The multichain approach where all token versions are native to each blockchain is still far away. Therefore, cross-chain platforms must learn from previous events and strengthen their processes to reduce the number of successful attacks as much as possible.