Hackers are having their moment in 2022, says the estimated $2 Billion figure lost to the crypto scams.
The interesting thing is that 69% of the total money looted was through successful cross-chain bridge hacks.
Nomad Bridge, Harmony Bridge, Ronin network, Wormhole, etc., are some of the notable ones among the 13 cross-chain bridges hacked this year.
What are cross-chain bridges, why are they more prone to attacks and how auditing services would lessen the possibility of attack shall be discussed in this blog.
Architecture Of Cross-chain Bridges
How to attain interoperability between different blockchains? The answer to this question pretty much explains the purpose of cross-chain bridges.
A cross-chain protocol facilitates the transfer of assets between different blockchains, acting as a bridge. For example, ETH tokens native to the Ethereum platform can be used on any other blockchain like Solana without actually swapping ETH for SOL tokens.
So, how the cross-chain transfer of assets is established?
Typically the user sends the asset to the cross-chain protocol, where the assets are locked in the bridge contract.
Funds equivalent to the locked amount in the contract are issued to the user as the native currency of the network the cross-chain protocol bridges to.
E.g. Avalanche bridge establishes the link for bridging AVAX assets with Ethereum
Wormhole bridge designed for interchanging assets between Ethereum and Solana
In a nutshell, cross-chain bridges help users to leverage the advantage of different blockchains while holding the funds as wrapped tokens.
Susceptibility Of Cross-Chain Bridges To Hacks
The surplus flow of money is a lucrative spot for hackers to launder assets. In that way, cross-chain bridges involve the locking of assets which becomes an attractive target for hackers.
The central point of storage of funds here is the contracts which are often targeted for the attacks. While the cross-chain bridges are still in their growth phase, there are unresolved technical glitches that pave the way for the increasing number of hacks.
Let’s gain some insights on cross-chain bridge hacks that happened in 2022.
Nomad bridge – $200M exploit
Nomad bridge brings about cross-chain communication and enables the transfer of tokens at a low cost across the different blockchains. The recent update to the Nomad contract introduced a new vulnerability where the zero is marked as a valid root.
This facilitated users to spoof transactions on Nomad while quickly draining off the assets from the bridge by multiple users.
Wormhole – $326M exploit
The wormhole is one of the biggest crypto heists. The attacker exploited a smart contract code vulnerability which allowed them to mint 120,000 wrapped Ethereum on Solana without placing its equivalent on Ethereum collateral.
Harmony’s Horizon bridge – $100M exploit
The attacker netted various tokens on the bridge by controlling the owner of the MultiSigWallet and accessing the confirmTransaction(). Through this, the hacker transferred a large number of tokens from the bridge, amounting to around $97M.
How To Secure Cross-chain bridge hacks?
Cross-chain bridges have become a critical component of the Web3 ecosystem. Thereby securing it is necessary to gain the user’s trust.
A golden standard for ensuring security is to perform smart contract security audits. As we can see, most of the hacks are a result of coding flaws. A thorough systematic inspection of every line of the code by other parties apart from the developers helps spot the errors.
Here are some most notable significance of performing smart contract audits
- Greater endurance to hacks
- Avoid bugs to prevent costly errors
- Safer and trustable for users to make exchanges
- Secure projects offer improved reliability
- Gain higher credibility for the project
Several high-profile projects falling victim to hacks and losing funds depict the security state of the cross-chain bridges. However, awareness of auditing practices can bring down the events of security breaches, thereby safeguarding assets.