Cross-chain bridge has become the biggest security risk in the industry Why and what to do

This article is from Chainalysis

Following the Nomad cross-chain bridge attack this week, Chainalysis estimates that $2 billion in cryptocurrency has been stolen from cross-chain bridges so far this year, involving 13 attacks, with attacks targeting cross-chain bridges accounting for the total stolen funds 69%.

Cross-chain bridge has become the biggest security risk in the industry, why and what to do

This is a major threat to the establishment of trust in blockchain technology. As more and more value flows through cross-chain bridges, they become more attractive targets for hackers. Cross-chain bridges are also now a prime target for North Korea-related hackers, who have stolen roughly $1 billion worth of cryptocurrency so far this year, by our estimates, all from cross-chain bridges and other DeFi protocols.

The good news is that these platforms can take steps to protect themselves. In the case of a hack, they can use the transparency of blockchain technology to investigate the flow of funds and ideally prevent attackers from cashing out their ill-gotten gains.

What is a cross-chain bridge protocol?

The purpose of cross-chain bridges is to solve interoperability challenges between different blockchains. Cross-chain bridge protocols allow users to transfer assets from one blockchain to another. For example, Wormhole is a cross-chain bridge protocol that allows users to transfer cryptocurrencies and NFTs between various smart contract blockchains such as Solana and Ethereum.

While the design of cross-chain bridges varies, users typically interact with cross-chain bridges by sending funds from their assets to the cross-chain bridge protocol, which are then locked in the contract, which is then issued to the user by the protocol cross-chain to the cross-chain bridge protocol. Equivalent funds of the same asset on the chain. In the Wormhole example, users typically send ETH to the protocol, which is held as collateral, and is issued on Solana as Wormhole-wrapped ETH, with collateral locked in a Wormhole contract on Ethereum support.

Why do cross-chain bridges always have accidents?

Cross-chain bridges are an attractive target because they typically have a central store of funds that supports receiving “cross-chain” assets on the blockchain. Regardless of how these funds are stored (locked in smart contracts or through a centralized custodian), this storage point can be targeted by hackers. Furthermore, efficient cross-chain bridge design remains an unsolved technical challenge, with many new models being developed and tested. As best practices evolve over time, these different designs present new attack vectors that can potentially be exploited by hackers.

What can the crypto industry do?

Just a few years ago, centralized exchanges were the most common target of hackers in the industry. Today, there are very few cases of successful attacks on centralized exchanges. This is because there is always a search for the newest and most vulnerable platforms to attack.

While not foolproof, a critical first step in addressing these kinds of problems may be to make extremely rigorous code reviews the gold standard in DeFi, both for protocol builders and for investors evaluating protocols. The most robust and secure smart contracts can serve as templates for developers to build over time.

Cryptocurrency services (including cross-chain bridges) should invest in security measures and training. For example, sophisticated social engineering tactics that exploit human trust and carelessness to infiltrate corporate networks have long been a popular attack method for North Korea-linked hackers. Crypto teams should be trained on these risks and warning signs. At the same time, the speed of response is also critical when falling victim to an attack.

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-08-04 10:26
Next 2022-08-04 10:27

Related articles