Blockchain Platforms have to equip themselves to deal with the challenges of Bridge Protocol hacks
Most hacks on Blockchain this year were on Cross-chain Bridge Protocols
This year was dominated by a good share of cross-chain bridge protocol hacks. Just a few weeks back, the Nomad bridge was hacked, with $200 million worth of value stolen. Before that, Axie Infinity's Ronin side-chain, which facilitates transactions to and from the Ethereum Blockchain, was hacked, with $622 million worth of value stolen from the bridge. The Wormhole bridge was hacked too, with a theft amounting to $320 million.
It’s true that this year, hackers are focused on stealing cryptos from bridge protocols.
Huge value hacks from cross-chain bridges pose a challenge to Blockchain developers
Mainstream Blockchain security services firm Chainalysis has published a report explaining that most of the hacks on Blockchain this year have been on cross-chain bridge protocols, which have accounted for 69% of the Blockchain hacks so far this year. About $2 billion worth of cryptos in total has been stolen cumulatively.
Obviously, hacks of this size on cross-chain bridges are a concern and pose a threat to Blockchain adoption and confidence.
Hackers have a hard time cashing out as they can be tracked by Blockchain Analytics firms
These days, however, there are a number of Blockchain security firms that can track the flow of the funds stolen by hackers and prevent them from cashing out. This is because Blockchain is transparent, so the transaction flow of funds can be tracked by Blockchain Analytics firms like Chainalysis, Elliptic, etc.
Nowadays, it is very common for team members of hacked DeFi protocols to negotiate with hackers for the return of stolen funds, and there have been instances where hackers have returned the stolen funds, knowing that it's difficult to cash out and that they are at risk of being tracked down by Blockchain analytics firms. This is good news, of course.
Understanding why Hackers are now targeting Bridge Protocols for their loot
Let's understand why Bridge protocols attract hackers' attention.
Bridges were the immediate way for bringing about interoperability in the Blockchain Ecosystem
Just a year or two back, we did not have a solution for Blockchain interoperability, meaning cryptos could not be moved from one Blockchain to another.
However, interoperability was needed to integrate the Blockchain ecosystem, as each Blockchain functioned in a siloed fashion, isolated from other Blockchains. Interoperability would attract more value into a Blockchain Dapp, bringing liquidity and users from another chain to that Dapp.
The immediate solution for enabling transfer of assets from Dapps of one Blockchain to another was Bridge Protocols.
The general working mechanism of a Cross-Chain Bridge Protocol
Therefore, Bridge Protocols are relatively new in the Blockchain space. An effective Bridge design has not yet evolved; over time it should evolve, with an industry standard that incorporates bridge smart contracts that are less vulnerable to hacks. There is a lot of work to be done in the area of upgrading bridge security, and this will happen in time.
In Bridge Protocols, generally a crypto of a particular Blockchain is sent to the Bridge Protocol, where the crypto is locked into a smart contract. This locked crypto serves as collateral for issuance of an equivalent amount of a parallel asset that will be sent to the Blockchain it’s bridged to.
For example, ETH can be ported from the Ethereum Blockchain to Solana using the Wormhole Bridge. Here, users send their ETH to Wormhole, where it is locked in an Ethereum smart contract, while an equal amount of Wormhole wrapped ETH is issued and released by Wormhole on the Solana Blockchain. The Wormhole wrapped ETH is the bridged ETH whose collateral is locked in Wormhole's Ethereum smart contract.
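The lock-and-mint flow described above implies an invariant that a bridge operator can monitor: the wrapped supply on the destination chain should never exceed the collateral locked on the source chain. The Python model below is an added example, not code from Wormhole or any other bridge; the class and function names are hypothetical, and amounts are integers in the asset's smallest unit.

```python
# Hypothetical model of a lock-and-mint bridge; all names are illustrative.
from dataclasses import dataclass, field

@dataclass
class SourceVault:
    """Lock contract on the source chain (Ethereum in the example above)."""
    locked: int = 0
    deposits: dict = field(default_factory=dict)  # deposit_id -> amount

    def lock(self, amount: int) -> int:
        if amount <= 0:
            raise ValueError("amount must be positive")
        deposit_id = len(self.deposits) + 1
        self.deposits[deposit_id] = amount
        self.locked += amount
        return deposit_id

    def release(self, amount: int) -> None:
        if amount <= 0 or amount > self.locked:
            raise ValueError("release exceeds locked collateral")
        self.locked -= amount

@dataclass
class WrappedToken:
    """Wrapped asset on the destination chain (Solana in the example above)."""
    supply: int = 0
    honoured: set = field(default_factory=set)  # deposit ids already minted

    def mint(self, vault: SourceVault, deposit_id: int) -> int:
        if deposit_id not in vault.deposits:
            raise ValueError("no matching lock on the source chain")
        if deposit_id in self.honoured:
            raise ValueError("deposit already minted")
        self.honoured.add(deposit_id)
        self.supply += vault.deposits[deposit_id]
        return vault.deposits[deposit_id]

    def burn(self, vault: SourceVault, amount: int) -> None:
        if amount <= 0 or amount > self.supply:
            raise ValueError("burn exceeds wrapped supply")
        self.supply -= amount
        vault.release(amount)  # collateral leaves only when wrapped is burned

def unbacked_amount(vault: SourceVault, token: WrappedToken) -> int:
    """Wrapped supply not covered by locked collateral (0 when healthy)."""
    return max(0, token.supply - vault.locked)

def backing_alert(vault: SourceVault, token: WrappedToken) -> bool:
    return unbacked_amount(vault, token) > 0  # True means the bridge is under-collateralized
```

In a real deployment the two balances would be read from each chain by an independent monitor, so that a non-zero gap raises an alert even if the bridge's own contracts report nothing wrong.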
Huge value stored in Bridge Smart Contracts is visible on the Blockchain and attracts hackers
These Bridge smart contracts are a central storage point of crypto funds which are visible on the Blockchain, and as they hold so much value, they are lucrative targets for hackers.
Generally, there is one central smart contract that holds crypto in Bridge Protocols. Dapp teams feel that this centralization of smart contracts makes it convenient for them to fix any issue in the Bridge immediately when required. However, this also makes it convenient for hackers to focus their efforts on exploiting that particular smart contract, which can give them lucrative gains.
Measures that Bridge Protocols can take to make their platforms more secure
Well, as said, a hacker's transaction flow of funds can be tracked by Blockchain Analytics firms, so hackers would not find it easy to hack and get away with the loot these days. Bridge and DeFi protocols, meanwhile, should work on enhancing the security of their smart contract design, and over time a strong smart contract framework would be established that does not have basic vulnerabilities that hackers can easily exploit.
Until that happens, every DeFi and Bridge Protocol should conduct regular audits of its smart contract code and host bug bounties with lucrative rewards.
Bug Bounty events have coders engage in Whitehat hacking activity, where developers test a protocol’s security by checking for possible vulnerabilities in the Protocol’s smart contract code. For finding and reporting possible vulnerabilities, these Whitehat hackers are rewarded for their contribution in enhancing the security of the protocol.
Hope you all enjoyed my post on Cross-chain bridge hacks.
Thank you for reading!!