Blockchain Platforms have to equip themselves to deal with the challenges of Bridge Protocol hacks


Most hacks on Blockchain this year were on Cross-chain Bridge Protocols

This year has been dominated by cross-chain bridge hacks. Just a few weeks ago, the Nomad bridge was hacked, with $200 million worth of value stolen. Before that, Axie Infinity’s Ronin side-chain, which facilitates transactions to and from the Ethereum Blockchain, was hacked, with $622 million worth of value stolen from the bridge. The Wormhole bridge was also hacked, with the theft amounting to $320 million.

It’s true that this year, hackers are focused on stealing cryptos from bridge protocols.



Huge value hacks on cross-chain bridges pose a challenge to Blockchain developers

Mainstream Blockchain security services firm Chainalysis has published a report explaining that most of the hacks on Blockchain this year have been on cross-chain bridge protocols, which account for 69% of the Blockchain hacks so far this year. About $2 billion worth of cryptos has been stolen in total.

Obviously, such a large volume of hacks on cross-chain bridges is a concern and poses a threat to Blockchain adoption and confidence.



Hackers have a hard time cashing out as they can be tracked by Blockchain Analytics firms

These days, however, there are a number of Blockchain security firms that can track the flow of funds stolen by hackers and prevent them from cashing out. This is because Blockchain is transparent, and the flow of funds can be tracked by Blockchain Analytics firms like Chainalysis, Elliptic etc.

Nowadays, it is very common for team members of hacked DeFi protocols to negotiate with hackers for the return of stolen funds, and there have been instances where hackers have returned the stolen funds, knowing that it is difficult to cash out and that they are at risk of being tracked down by Blockchain analytics firms. This is good news of course.

Understanding why Hackers are now targeting Bridge Protocols for their loot

Let’s understand why Bridge protocols attract hackers’ attention.

Bridges were the immediate way for bringing about interoperability in the Blockchain Ecosystem

Just a year or two back, we did not have a solution for Blockchain interoperability, meaning cryptos could not be moved from one Blockchain to another.

However, interoperability was needed to integrate the Blockchain ecosystem, as each Blockchain functioned in a siloed fashion, isolated from other Blockchains. Interoperability would attract more value into a Blockchain Dapp by bringing liquidity and users from another chain to that Dapp.

The immediate solution for enabling transfer of assets from Dapps of one Blockchain to another was Bridge Protocols.

The general working mechanism of a Cross-Chain Bridge Protocol

Bridge Protocols are therefore relatively new in the Blockchain space. An effective Bridge design has not yet evolved; over time, an industry standard should emerge that incorporates bridge smart contracts that are less vulnerable to hacks. There is a lot of work to be done in the area of upgrading bridge security, and this will happen in time.

In Bridge Protocols, generally a crypto of a particular Blockchain is sent to the Bridge Protocol, where the crypto is locked into a smart contract. This locked crypto serves as collateral for issuance of an equivalent amount of a parallel asset that will be sent to the Blockchain it’s bridged to.

For example, ETH can be ported from the Ethereum Blockchain to Solana using the Wormhole Bridge. Here, users send their ETH to Wormhole, where it is locked in an Ethereum smart contract, while an equal amount of Wormhole wrapped ETH is issued and released by Wormhole on the Solana Blockchain. The Wormhole wrapped ETH is the bridged ETH whose collateral is locked in Wormhole’s Ethereum smart contract.
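The lock-and-mint flow described above, as an added toy model in Python (an illustration added here, not code from Wormhole or any real bridge). All class and function names are hypothetical, and the wrapped token reads the vault's records directly, whereas a real bridge relies on a verified cross-chain message.

```python
from dataclasses import dataclass, field


@dataclass
class SourceVault:
    """Hypothetical stand-in for the bridge contract that locks deposits."""
    locked: int = 0
    deposits: dict = field(default_factory=dict)  # deposit_id -> (user, amount)

    def lock(self, deposit_id, user, amount):
        # Each deposit is recorded once and adds to the locked collateral.
        if amount <= 0 or deposit_id in self.deposits:
            raise ValueError("invalid or duplicate deposit")
        self.deposits[deposit_id] = (user, amount)
        self.locked += amount


@dataclass
class WrappedToken:
    """Hypothetical stand-in for the wrapped asset on the destination chain."""
    vault: SourceVault
    supply: int = 0
    minted: set = field(default_factory=set)      # deposit ids already used
    balances: dict = field(default_factory=dict)  # user -> wrapped balance

    def mint(self, deposit_id, user, amount):
        # Mint only against a recorded lock with matching details...
        if self.vault.deposits.get(deposit_id) != (user, amount):
            raise PermissionError("no matching locked deposit")
        # ...and only once per deposit, so a lock cannot be replayed.
        if deposit_id in self.minted:
            raise PermissionError("deposit already used")
        self.minted.add(deposit_id)
        self.balances[user] = self.balances.get(user, 0) + amount
        self.supply += amount


def unbacked_supply(vault, token):
    """Reconciliation check: wrapped supply not covered by locked collateral."""
    return max(0, token.supply - vault.locked)
```

A non-zero result from `unbacked_supply` means wrapped tokens exist without collateral behind them, which is the condition a bridge operator would want to alert on.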

Huge value stored in Bridge Smart Contracts is visible on the Blockchain and attracts hackers

These Bridge smart contracts are a central storage point for crypto funds that are visible on the Blockchain, and as they hold so much value, they are lucrative targets for hackers.

Generally, there is one central smart contract that holds crypto in a Bridge Protocol. Dapp teams feel that this centralization makes it convenient for them to fix any issue in the Bridge immediately when required. However, it also makes it convenient for hackers to focus their efforts on exploiting that particular smart contract, which can give them lucrative gains.

Measures that Bridge Protocols can take to make their platforms more secure


Image by Werner Moser from Pixabay

As said, the flow of a hacker’s funds can be tracked by Blockchain Analytics firms, so hackers would not find it easy to hack and get away with the loot these days. Meanwhile, Bridge and DeFi protocols should work on enhancing the security of their smart contract design, and over time a strong smart contract framework would be established that does not have basic vulnerabilities that hackers can easily exploit.

Until that happens, every DeFi and Bridge Protocol should conduct regular audits of its smart contract code and host bug bounties with lucrative rewards.

Bug bounty events have coders engage in whitehat hacking activity, where developers test a protocol’s security by checking for possible vulnerabilities in the protocol’s smart contract code. For finding and reporting possible vulnerabilities, these whitehat hackers are rewarded for their contribution to enhancing the security of the protocol.

Hope you all enjoyed my post on Cross-chain bridge hacks.

Thank you for reading!!


