Since the beginning of 2022, just 5 cross-chain bridge attacks have resulted in losses of $1.317 billion. This figure is 57% of the total asset loss in the Web 3.0 industry due to hacking, fraud, vulnerabilities and other incidents in 2022.
The losses from cross-chain bridge attacks are so large because of the bridges' own inherent security weaknesses, and because the field as a whole lacks professional awareness and the theoretical knowledge needed to defend against attacks.
The top three cross-chain bridge attacks were: Ronin Network, causing a loss of $624 million; Solana cross-chain bridge project Wormhole, causing a loss of $326 million; Nomad, causing a loss of $190 million.
This article discusses the security problems of cross-chain bridges, and their solutions, by analyzing five representative cross-chain bridge attacks that occurred this year, the Nomad Bridge attack among them.
Cross-chain bridge security
Before analyzing these attacks, we need to clarify the inherent security problems of cross-chain bridges.
Vitalik Buterin once wrote on Reddit that he is pessimistic about cross-chain applications because of the impact of the 51% attack. Beyond that, however, there are more issues to consider.
In a Twitter video posted on July 22, 2022 (https://twitter.com/nomadxyz_/status/1550525582714097664), Nomad founder James Prestwich explained why the industry generally lacks expertise in security models for cross-chain applications, and why it took a year to acquire expertise on these standards.
It is difficult for individual users to transfer assets from one blockchain to another, so they must use a cross-chain bridge to do so. The principle of the cross-chain bridge protocol is that users deposit tokens on chain A and then receive debt tokens on chain B. Once the debt tokens on chain B are destroyed, the tokens stored on chain A are released.
In order to achieve this, the cross-chain bridge needs to implement several functions: custody of tokens deposited by users, release of debt tokens to users, and oracles that send messages between different chains. This makes cross-chain bridges more vulnerable in terms of security – there are so many places where hackers can start.
All roads lead to cross-chain bridges. For hackers, such a quick and lucrative attack channel is hard to pass up. The consequences of an attack are not just the loss of deposits. Once a cross-chain bridge has a vulnerability or is attacked, the tokens of the entire cross-chain bridge will likely lose all value.
The Ronin Network breach is the largest DeFi breach ever.
At the end of March, the CertiK audit team detected that the Ronin Network, the side chain of the NFT game Axie Infinity, had been attacked, resulting in a loss of 173,600 ETH and 25.5 million USDC worth about $624 million.
The Ronin Network requires five signatures from its nine validator nodes. The attacker hacked 4 Sky Mavis private keys and created 5 legitimate signatures, namely: 4 Sky Mavis validators and 1 third-party validator run by Axie DAO.
This resulted in the compromise of 5 validator nodes, and an advanced spear-phishing attack was to blame.
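The 5-of-9 threshold above counts keys, not the parties holding them. As an added example (not from the original article), the Python below computes how few distinct operators must be compromised to reach a signing threshold and reports custody concentration; the function names and the operator labels for the four validators the article does not name are constructed.

```python
from collections import Counter

def operators_to_reach_threshold(validators, threshold):
    """Minimum number of distinct operators whose keys together reach
    `threshold` signatures, or None if the whole set cannot reach it.

    validators: dict mapping validator id -> operator holding its key.
    """
    # Taking the operators with the most keys first gives the fewest operators.
    key_counts = sorted(Counter(validators.values()).values(), reverse=True)
    signatures = 0
    for n_operators, keys in enumerate(key_counts, start=1):
        signatures += keys
        if signatures >= threshold:
            return n_operators
    return None

def audit(validators, threshold, min_operators):
    """Return findings for a validator set against a custody policy."""
    findings = []
    needed = operators_to_reach_threshold(validators, threshold)
    if needed is None:
        findings.append("threshold exceeds validator count")
    elif needed < min_operators:
        findings.append(
            f"{threshold}-of-{len(validators)} keys is reachable through "
            f"{needed} operator(s); policy requires {min_operators}")
    for operator, keys in Counter(validators.values()).items():
        if keys > 1:
            findings.append(f"{operator} holds {keys} validator keys")
    return findings

# Validator set as the article describes it: nine validators, four run by
# Sky Mavis and one by Axie DAO. The remaining operator names are constructed.
RONIN = {f"v{i}": "Sky Mavis" for i in range(1, 5)}
RONIN["v5"] = "Axie DAO"
RONIN.update({f"v{i}": f"third-party-{i}" for i in range(6, 10)})

if __name__ == "__main__":
    print(operators_to_reach_threshold(RONIN, 5))
    for finding in audit(RONIN, 5, min_operators=5):
        print(finding)
```

Run against a set where every validator has its own operator, the same threshold needs five separate compromises and the audit returns no findings.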
Solana Cross-Chain Bridge Project Wormhole
At 1:58 a.m. on February 3, 2022, Beijing time, the CertiK audit team detected that the Solana cross-chain bridge project Wormhole had been attacked.
In this incident, the attacker bypassed the system verification step by injecting a deceptive sysvar account and successfully generated a malicious “message” specifying that 120,000 wETH were to be minted. Finally, the attacker successfully minted 120,000 wETH worth about $326 million by calling the “complete_wrapped” function with the malicious “message”.
Two minutes after minting, the attacker bridged 10,000 ETH to the Ethereum chain, and about 20 minutes later, transactions for another 80,000 ETH were generated on the Ethereum chain. To this day, the funds are still in the attacker’s wallet.
The amount of damage caused by the incident made it the second-largest hacking incident in the history of cross-chain bridges.
At 19:06:46 on June 23, 2022, Beijing time, the CertiK audit team detected that the cross-chain bridge between Harmony Chain and Ethereum had experienced multiple malicious attacks.
According to the analysis by security experts of the CertiK team, the attack may have originated from the hacker’s possession of the owner’s private key: the owner of the MultiSigWallet, controlled by the attacker, directly called confirmTransaction() to transfer a large number of tokens from Harmony’s cross-chain bridge. As a result, assets worth approximately $97 million were stolen from the Harmony chain, and the funds were later transferred to Tornado Cash.
The attack involved 12 transactions, ranging in value from about $50,000 to more than $41.2 million, and 3 attack addresses. The tokens involved included ETH, USDC, WBTC, USDT, DAI, BUSD, AAG, FXS, SUSHI, AAVE, WETH and FRAX.
The Qubit attack that occurred at the beginning of the year is also a typical cross-chain bridge vulnerability incident.
On January 27, 2022, the CertiK audit team detected an attack on Qubit, resulting in a loss of approximately $80 million.
The attacker invoked the QBridge contract, causing the bridge contract to generate a false proof of event showing that the attacker had made a deposit, without the attacker providing any cryptocurrency.
ETH and ERC-20 deposits share the same proof of event, which allowed the attacker to call this function with a non-existent ERC-20 deposit, generate a fake proof of event for an ETH deposit, and thereby withdraw ETH on the other chain. Thus, the attacker passed the QBridgeHandler proof without sending any tokens to the contract and minted about 77,162 qxETH on the other chain. The hackers then deposited the stolen funds into Tornado Cash.
On August 2, 2022, Beijing time, the CertiK security team detected an attack on the Nomad Bridge, resulting in losses worth about $190 million.
The problem with the contract is that “committedRoot” is set to address 0x00 when the initialize() function is called. As a result, an attacker’s message passes verification, and the attacker can transfer the tokens held in the bridge contract. The total value locked plummeted from $190 million to $12,000. In essence, the flaw allowed an attacker to deposit 1 ETH on chain A and receive 100 ETH on chain B.
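The check below is an added example, not code from Nomad or from the original article: a simplified Python model of the receiving contract's root bookkeeping, showing why trusting the zero root at initialization lets a never-proven message pass verification, next to a hardened form. The class and function names, the use of SHA-256, and the rule that a message's recorded root reads as zero when unset (as an unset Solidity mapping entry does) are assumptions of the model.

```python
import hashlib

ZERO_ROOT = b"\x00" * 32

def branch_root(leaf, branch, index):
    """Fold a Merkle branch up to its root (SHA-256 is a model assumption)."""
    node = leaf
    for sibling in branch:
        pair = sibling + node if index & 1 else node + sibling
        node = hashlib.sha256(pair).digest()
        index >>= 1
    return node

class Replica:
    """Simplified model of the receiving side's root bookkeeping."""

    def __init__(self, committed_root, hardened=False):
        if hardened and committed_root == ZERO_ROOT:
            raise ValueError("refusing to trust the zero root at initialization")
        self.hardened = hardened
        self.confirm_at = {committed_root: 1}  # root -> time it becomes trusted
        self.proven_under = {}                 # message hash -> root it hashed up to

    def prove(self, leaf, branch, index):
        """Record the root that this leaf and branch hash up to."""
        self.proven_under[leaf] = branch_root(leaf, branch, index)

    def acceptable_root(self, root, now):
        if self.hardened and root == ZERO_ROOT:
            return False  # "never proven" must not be a valid state
        confirmed = self.confirm_at.get(root, 0)
        return confirmed != 0 and confirmed <= now

    def process(self, leaf, now):
        # An unset mapping slot reads as zero, as it does in Solidity.
        root = self.proven_under.get(leaf, ZERO_ROOT)
        return self.acceptable_root(root, now)

def unproven_message_accepted(replica):
    """Deployment check: a message that was never proven must be rejected."""
    leaf = hashlib.sha256(b"constructed message").digest()
    return replica.process(leaf, now=100)
```

A regression test that calls `unproven_message_accepted` against every freshly initialized deployment turns this class of initialization mistake into a failed build rather than an incident.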
The peculiarity of this vulnerability is that there doesn’t appear to be a single direct attacker. At least 41 wallets participated in this attack, and we can consider it the first “group crime” in the Web3.0 world. Perhaps it is for this reason that attackers can easily withdraw funds from the bridge.
The first suspicious transaction took place at 5:32 AM on August 2nd, when 100 wBTC (worth about $2.2 million) was transferred to 0x56d8… From there, we can observe the coins continuing to move out at a frantic pace.
Such vulnerabilities also attract past Web 3.0 hackers, such as the Rari Capital attackers.
Another interesting point is that a different malicious actor tried to conduct a phishing attack on the hacker in this incident. The EOA holding the ENS name nomadexploiter.eth, which was registered on August 2nd, sent an on-chain message to the hacker’s EOA, posing as Nomad to negotiate with the hackers.
Nomad tweeted that this was not their doing.
Closing thoughts
The vulnerabilities behind these attacks continue to remind us that the damage caused by cross-chain bridge vulnerabilities is extremely large.
The Web3.0 world is in urgent need of more secure and wider cross-chain applications. Vulnerabilities of the same nature may appear more and more frequently in the future.
The least we can do is to ensure that the project code is thoroughly tested and security audited, which will greatly increase the resistance to highly destructive hacking attacks.
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/the-total-loss-of-5-cross-chain-bridge-vulnerability-attacks-has-exceeded-1-3-billion-us-dollars-who-will-pay-for-this-sky-high-price/