The year has not been without its hardships, but in the midst of the bear market that has affected various web3 sectors, some appear to have been hit harder than others. This year, crypto bridges have been the victims of what can be called a series of unfortunate events, as there have been numerous reports of hacks that have robbed bridges of large sums of money.
This prompted Chainalysis, a blockchain analytics firm, to release a report estimating that $2 billion in cryptocurrency had been stolen across 13 separate cross-chain bridge hacks. The majority of the assets stolen this year, which totaled $1.4 billion, and accounted for 69% of total funds stolen in 2022. There are growing concerns about the security risks of bridges, a concept that many believe is an essential part of the web3 development phase in the near future.
What is a Crypto Bridge
A crypto bridge, also known as a cross-chain bridge, is a protocol that allows digital assets to be transferred from one blockchain to another without the use of cryptocurrency exchanges such as Binance. The primary purpose of cross-chain bridges is to facilitate network interoperability, allowing users to access new platforms and leverage the benefits of different chains, and making it easier to swap tokens from different blockchains directly without having to go through the process of selling owned tokens and repurchasing required ones. Bridges have also been known to serve as Layer 1 blockchain and Layer 2 scaling solutions for networks with high fees and slow transaction processing time such as Ethereum.
The way bridges normally work is that they have liquidity pools of the various blockchains that are supposed, if, for instance, a person wishes to swap BTC for ETH, he sends in his BTC into the BTC liquidity pool which is locked and receives an equivalent of his deposited asset in the coin that he wishes to have, which in this case is ETH. Bridges have become predominant for users of dApps, DeFi protocols, and Metaverse.
Notable Bridge Hacks in 2022.
Here is a record of notable attacks on bridges this year and the losses incurred.
Multichain bridge, a cross-chain router protocol, was hacked in mid-January, and hackers stole tokens totaling $3 million in value from users, including Wrapped ETH (WETH), Peri Finance Token (PERI), Official Mars Token (OMT), Wrapped BNB (WBNB), Polygon (MATIC), and Avalanche (AVAX) following an announcement that the bridge had some problems that had been fixed. One of the hackers was a “white hat hacker”, and he pointed out that they exploited the same vulnerabilities that the bridge claimed had been fixed. He took 384 ETH in total, returned 322 ETH ($900,000 at the time), and kept 62 ETH ($173,000) as a bounty for himself.
In the latter days of January, Qubit Finance’s Binance Smart Chain to Ethereum bridge also witnessed a hack on its X-Bridge that swept off $80 million from its coffers. The hacker made off with wETH, BTC-B, CAKE, CUNNY, MDX, and various other stablecoins.
Wormhole’s Portal bridge was hacked on February 2nd by attackers who exploited a vulnerability on the Solana side of the bridge to generate wETH for themselves. $320 million was siphoned, which initially tipped off the balance of the bridge, which was supposed to hold a 1:1 Ethereum to Solana ratio, but was later replenished.
A few days after the Wormhole incident, a smart contract hack resulted in $4.4 million losses on the Meter Paasport bridge. The attack targeted the Moonriver side of the bridge, stealing assets via under-collateralized loans.
Axie Infinity's Ronin bridge was the victim of the largest bridge hack of the year, costing $615 million total—173,600 ETH and $25.5 million in USDC—after hackers took advantage of a node vulnerability. Developers subsequently gathered $150 million in a financing round headed by Binance to compensate those affected by the black swan incident.
In June, hackers looted $100 million from Harmony's Horizon bridge by exploiting its Layer 1 Blockchain. The Harmony bridge is protected by nine validators, and hackers gained control of the required five validators, stealing altcoins such as Frax (FRAX) and Wrapped Ether (wETH), SushiSwap (SUSHI), Frax Share (FXS), Aave (AAVE), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (wBTC), and USD Coin (USDC) which were all swapped for Ether (ETH).
The final hack recorded so far this year happened this month when cross-chain bridge Nomad experienced a smart contract failure resulting in a $190 million sweep from its wallets. The incident began with a single attacker withdrawing 100 wBTC and immediately exchanging it for wETH and ETH. This was followed by withdrawals from thousands of “copycats” who were able to copy and paste the attacker’s original call data, and replace it with their own addresses. Fortunately, over 40 addresses who were white hat hackers returned more than $36 million back to the recovery address.
Cross-chain Bridges and their Security Concerns
In January, Ethereum co-founder Vitalik Buterin tweeted an open skepticism of crypto bridges, where he stated that his argument for the future of blockchain is that it would not be cross-chain but rather multi-chain. “...there are fundamental limits to the security of bridges that hop across multiple zones of sovereignty,” he said. Vitalik also included pictures of his Reddit post, showing that cross-chains do not possess the immunity against at least 51% of attacks that are enjoyed by on-chain blockchains (Ethereum on Ethereum, Solana on Solana), which would result in the ability for hackers to propose blocks and steal people’s cryptocurrencies. He also highlighted how the addition of more bridges to the cross-chain networks is a security concern that could scale negatively.
Some have strongly disagreed with him, citing the importance and even urgency of bridges in the development of the blockchain, while others have attributed his statement solely to the Ethereum Merge, which is expected to solve scaling issues and is set to launch soon. However, the evident trail of attacks that followed Vitalik's tweet has not proved him wrong, leaving many wondering why bridges are so vulnerable to hacking and possible solutions to this ongoing crisis. Crypto bridges are a relatively new concept that is vulnerable to numerous risks and structural and infrastructural issues. Connecting chains that operate on different principles necessitates even more caution and better engineering processes to ensure that risks are limited and that threats to the systems are detected early and disarmed efficiently.
Read Also: NFT Utility: Types, Importance, and Ideas
It has become clear that the developers of these bridges have a lot of work to do in terms of securing assets and restoring the trust of their protocols' users. The Merge is also approaching, and its success will pave the way for other networks to seek scaling solutions other than crypto bridges. Still, there is a need to transition from a largely Ethereum-dominated web3 space to a more multi-chain system, which necessitates interoperability across networks.
Storing your cryptocurrencies in online wallets, exchanges and software wallets exposes you to risks of being hacked. Consider storing them in a hardware wallet today