As new blockchains continue to emerge, cross-chain bridges are more essential than ever to enhance interoperability between blockchain ecosystems.
That said, new innovations also surface numerous attack vectors. cross chain bridge hacking It will account for 69% of stolen funds in 2022.
there were 13 cross chain bridge 2022 will be the year with the largest majority.
This article briefly describes all cross-chain hacking events in 2022 to make it clearer. Cross-chain bridge security in today’s times.
How do cross-chain bridges create interoperability for crypto assets?
understand the behavior of cross chain bridge Through example.
Users have assets on the Ethereum network, but need to use them on Polygon. He immediately seeks out centralized exchanges such as his Coinbase and Binance to convert his ETH in possession into his MATIC which he uses on Polygon.
Now he wants to convert his remaining MATIC tokens into ETH. So he has to repeat the same process over and over.
Interestingly, cross-chain bridges straighten the process and provide an easier way to transfer assets between different blockchain networks.
How do you do that?
Most cross-chain bridges work in a lock-and-mint model to achieve interoperability.
Same scenario where a user wants to use ETH tokens on the Polygon network.let’s see how he can do it cross chain bridge.
- Users can send ETH tokens to specific addresses on the Ethereum chain and pay transaction fees.
- ETH tokens are locked in smart contracts by validators or held by custodial services.
- MATIC tokens of equal value to locked ETH tokens are now created on the Polygon chain (destination chain).
- Users can receive MATIC tokens in their wallets and use them to conduct transactions.
What if a user wants his ETH tokens back?
This is where “token burn” comes into play.
- Users can send MATIC tokens remaining in their wallet to specific addresses on the Polygon chain.
- These MATIC tokens will be burned so that the funds cannot be reused
- A smart contract or custodial service releases ETH tokens and deposits them into the user’s wallet.
In practice, cross-chain bridges work by wrapping the tokens used from one blockchain to another.
When a user wants to use Bitcoin on the Ethereum network, the cross-chain bridge converts BTC on the Bitcoin blockchain to wrapped Bitcoin (wBTC) on the Ethereum blockchain.
Looking at this, it’s easy to say that there is a fair amount of complexity as the source and the destination blockchain uses two different smart contracts. Any issue from either side therefore puts the user’s funds at risk.
There are two types of bridges: trusted and untrusted.
Broadly speaking, the type of bridge determines who holds authority over the fund.
Trusted Bridge It is operated by a central entity that manages funds transferred through the bridge.
trustless bridge It works with smart contracts and algorithms, and the smart contract itself initiates all actions. In this way users can manage their assets.
The chaos that led to the cross-chain bridge compromise
The record of recent hacks in 2021-2022 clearly shows that DeFi bridges are the most popular targets for attackers.
Track hacks since the creation of the cross-chain bridge
As I said before, 2022 is responsible for the majority of hacks. Let’s see what went wrong with all these hacks.
BSC (unaudited)
“2 Million BNB Tokens Worth $586 Million Stolen From BSC Token Hub”
BSC Token Hub is a Binance bridge connecting the old Binance Beacon Chain and the BNB Chain. The attacker minted 2M BNB from the BNB bridge by presenting fake deposit proofs on the Binance Beacon chain.
Hackers have exploited a flaw in Binance Bridge to verify evidence and borrow 1 million BNB from two transactions each.
The attackers then used the borrowed funds as collateral for the BSC lending platform’s Venus protocol, and the liquidity was instantly transferred to other blockchain networks.
Nomad Attack
“Nomad Bridge was brutally attacked and lost $190 million in liquidity.”
Nomad turned out to be a permissionless hack that anyone could participate in and exploit. A replica contract initialized with a bug following a regular contract upgrade.
The process() function is responsible for executing cross-chain messages and has an internal requirement to validate Merkle roots to process messages.
A coding bug allowed an exploiter to directly call the process() function without “proving” its validity.
Due to a code bug, ‘messages’ value 0 (invalid according to legacy logic) was validated as ‘proven’. This therefore meant that all process() calls were accepted as valid, leading to the stealing of funds from the bridge.
Many hackers have had the opportunity to loot large sums of money simply by copying and pasting the same process() function call via Etherscan.
harmony bridge
“Harmony faced an uphill road losing over $100 million due to private key compromise.”
Harmony Bridge was protected by 2 of 5 multisig and the attack vector successfully accessed two addresses.
The hackers used the compromised addresses they needed to get the transaction through, and ended up getting $100 million from the bridge.
Few people suspect that private keys have been compromised because hackers gained access to the servers that run these hot wallets.
Ronin Network (unaudited)
“Biggest cryptocurrency hack – Ronin exploit up to $624 million”
Ronin was an Ethereum sidechain that operated on a Proof of Authority model with nine validators to approve transactions.
Approving a deposit or withdrawal transaction requires 5 out of 9 validator approvals. Of these, he has four validators who are internal team members, and he only needs one more signature to approve the transaction.
Hackers not only compromised four internal validator nodes, but also accessed this fifth signature to exfiltrate funds from the Ronin bridge contract.
Unfortunately, the attack was identified almost a week later.
Meter.io (unaudited)
“Bridge attack stole $4.4 million from Meter.io”
ChainSafe’s fork of ChainBridge, Meter.io, was launched with a change in how deposits are made with ERC20 handlers.
Mismatched deposit methods were exploited by hackers to loot funds by transferring arbitrary amounts. call data.
wormhole
“Wormhole Incident Hackers Earn $326 Million in the Process”
Wormhole, a Solana bridge, was manipulated into believing that 120,000 ETH was deposited into Ethereum. This allowed hackers to create equivalent wrapped assets in Solana.
Hackers took advantage of the shortcomings of ‘Solana_program::sysvar::instructions’ and ‘Solana_program’ not validating addresses correctly. Using this, the attacker provided an address containing his 0.1 ETH, and on Solana he created a fake “signature set” to fraudulently create 120k wrapped ETH.
Q bridge (unaudited)
“Qbridge Under the Lens of an $80 Million Exploit”
Qubit enables cross-chain collateralization of assets between Ethereum and BSC.
Due to a logic error in the bug, it is now possible to spend xETH on BSC without having to deposit ETH on Ethereum. This allowed the hackers to obtain secured loans on Qubit despite having no deposits locked in the Ethereum contract.
Some light on cross-chain bridge security
In addition to the security measures built into our protocol design, we minimize the risk surface of attacks by performing thorough and regular audit checks. As a pioneer of QuillAudits Tier 1 audit firm We have a global reputation for securing projects.
20 view
0 Comments