Security is the most debatable and controversial topic when it comes to cryptocurrency and it is proven to be a concern now and then. Talking about attacks, in 2022 itself, the figure of hijacked money has gone to 1.4 Billion USD.
It is quite interesting to know among this lost amount the major share of 1 Billion USD is just hijacked by Bridge Attacks.
So, if you don’t know a thing about bridge and bridge attacks in the world of cryptocurrency, then sit back, we have everything you need to know about it.
What is a Bridge in cryptocurrency?
Like the name suggest, Bridge is a middle-way. This is a mechanism for connecting different blockchains, authorizing investors to trade one kind of coin for another. Bridges also known as Network Bridge, are made to integrate two blockchains which, generally, are not designed to integrate, for example, one owns ETH in ETH network and wants to shift to some other blockchain, let’s say BNB. You can only do that using a bridge.
Using this way, you can convert your ETH to BNB directly by paying some transaction/gas fee and move your tokens from one network to the other one.
How does it work?
The working of a bridge is simple and complex at the same time. It is its working which exposes it to numerous vulnerabilities.
When you want to bridge 1 BTC to your ETH wallet, a blockchain bridge shrink your BTC and creates an equivalent amount of such token which is compatible with the desired token.
In this case, BTC will be converted into WBTC (Wrapped Bitcoin) which is compatible with the Ethereum network. The desired amount of BTC one wants to port gets locked in a smart contract and the equivalent tokens are issued at the destination address.
Steps involved in Bridging
At the user end, this process may take a few steps:
- Select the chain you like to bridge
- Specify the amount
- Deposit the crypto to an address provided by the bridge
- After the deposit, the bridge mechanism will send another token to your address.
Types of Bridge
On a broad vision, the bridge is of two types:
- Trust-based Bridges
Trust-based bridges (federation or custodial bridges) are centralized bridges that require a central authority or panel of mediators to work. To convert coins into another token, users have to depend on the central members of the federation to verify and confirm the transaction.
- Trustless Bridges
Trustless bridges are decentralized bridges that operate on smart contracts(machine algorithms). This is used in real-life blockchains and involves no manpower at the working level. It provides a better sense of security to users.
Some recent hacks through bridges
Blockchain is becoming an important part of Web3, allowing developers to easily launch decentralised applications across blockchains, breaking down silos, which is important as the crypto space goes mainstream, but the daily news about the weak spots and regular attacks on bridges is a major concern to investors. In 2022 itself, bridge attacks suffered a loss of more than 1 billion USD.
Some of the infamous hacks are:
- Ethereum scaling solution optimism hack- $ 20 Million
- Salona Bridge Wormhole- $ 326 Million
- Harmony’s Horizon Bridge Hack- $100 Million
- Axie Infinity’s Ronin Bridge- $ 650 Million
Let’s look into the case of Harmony’s Horizon Bridge to understand more.
On June 25, Horizon bridge which converts Harmony to ETH, BTC, Binance USD, etc. was hacked. Although the BTC section was unaffected, the hack cost approx 100 Million USD.
Hackers stole numerous tokens including ETH, Binance Coin, Binance USD, Dai, Tether and whatnot.
The company came up with an explanation which says there are too many weak spots to cover.
Harmony also took the help of the FBI and other security agencies and kept a bounty of 1 Million USD on hackers.
Complexities are one of the reasons why bridges get hacked very often.
Why Bridges are so vulnerable?
For understanding this topic let’s take an example of two islands, one, where only petrol cars are allowed and the other where only CNG cars are allowed.
There is a bridge between the two islands which holds a functionality that allows you to drop your petrol car at one point and rent a CNG car for the other island. Your car would be parked as long you stay on the other island.
Here, the cars are cryptocurrencies and the bridge is the network bridge. Now hackers may take one car without parking the other through various malicious activities and steal it.
This might have given you some idea about the system. Now let us look at the technical language explaining its vulnerability:
- They handle a ton of complex requests
- Holding a lot of currency
- No standard is set about how to keep everything secure.
How do hackers hack Bridges?
Although it is explained in a simple story and language, it must not be such an easy task for hackers to get through it, after all, it is the most sizzling market today. But where there is technology there exists some bug defect/bug in it. Hackers use these methods to hijack money:
- False Deposit event
The bridge has a mechanism to check the deposit done by the user, but if the attackers are able to generate a deposit event without making a real deposit or making a deposit with a token with no value, they can withdraw the desired amount easily.
- Fake Deposit
The smart contracts validate a deposit before allowing a transfer to occur. In this method, attackers create a fake deposit that validates as a real one and beat the validation process.
- Validator takeover
Many bridges have a group of validators that poll for whether to approve a particular transaction or not. Attackers do control the majority of validators and get the fake transfer approved.
Effects of Bridge Hacks
- Along with the market, the bridge attacks have a significant impact on the bridge itself. An attack results in the withdrawal of a huge amount of money without any of the deposit in return. Hence it results in a loss of money for the bridge project.
- They can have complex effects because these bridges span various blockchain platforms. Attack on a bridge opens the window of hacks to multiple blockchains interweaved with it.
Coming to conclusion, bridges are technologies developed for convenience and efficiency but are not secure enough to the scale of the volume of currency they hold and hence undergo attacks quite regularly.
- Is investing in US stocks from India a good idea?
- Can China’s Real Estate Crisis Bring Down the Global Economy?
Hello, I am Aryan. I am passionate about writing about topics ranging from cryptocurrency and blockchain to modern developing technologies such as ML, AI, IoT, etc. Also, the collaboration of Finance and Technology attracts me.