Of the losses from hacker attacks to date, more than 80% were stolen through vulnerable cross-chain bridges.

While gaming DApps like Axie Infinity and DeFi Kingdoms sustain entire ecosystems like Ronin and Harmony, network protocols like Fantom or Avalanche have made a killing on the DeFi wave. These blockchains have become important alternatives to Ethereum's gas fees and relatively slow transaction times. The need for an easy way to move assets between protocols on different blockchains has become more pressing than ever. This is where the cross-chain blockchain bridge was born.

With the spread of multi-chain scenarios, the total value locked (TVL) across all DeFi DApps has soared. As of May 2022, the industry's TVL is estimated to be $111.28 billion. The huge assets locked and bridged in these DeFi DApps have attracted the attention of malicious hackers, and the latest trends indicate that attackers may have found a weak link in the blockchain bridge.

According to the Rekt database, $1.2 billion in crypto assets were stolen in the first quarter of 2022, which, according to the same source, accounts for 35.8% of all stolen funds in history. Interestingly, at least 80% of the lost assets in 2022 were stolen from chain bridges.

One of the worst attacks took place in March, when the Ronin bridge was hacked and $540 million was lost. Prior to that, more than $400 million was stolen from the Solana Wormhole and BNB Chain's Qubit Finance bridges in 2022. The largest hack in crypto history took place in August 2021, when $610 million was stolen from the PolyNetwork bridge, but the stolen funds were later recovered.

Chain bridges are among the most valuable tools in the blockchain industry, but their interoperability presents important challenges for the projects building them.
Understanding Blockchain Bridges

Similar to the Manhattan Bridge, a blockchain bridge is a platform that connects two different network protocols, enabling cross-chain transfer of assets and information from one blockchain to another. In this way, cryptocurrencies and NFTs are not isolated in their own chains, but can be "bridged" across different blockchains, thereby increasing the utilization of these assets. Thanks to the existence of chain bridges, Bitcoin can be used in smart contract-based networks for DeFi purposes or to allow NFL and NFTs to be bridged from Flow to Ethereum for segmentation or as collateral.

There are several different ways to transfer assets. For example, Lock-and-Mint, as the name suggests, works by locking the original asset in a smart contract on the sending network, while the receiving network mints a copy of the original token on the other side. If Ether is bridged from Ethereum to Solana, the Ether in Solana is just a copy, not the token itself.

[Figure: Locking and minting mechanisms. Source: MakerDAO]

While the Lock-and-Mint method is currently the most popular bridge method, there are other ways to complete asset transfers, such as "burn-and-mint" or atomic swaps, in which smart contracts themselves exchange the assets between the two networks. Connext (formerly xPollinate) and cBridge are chain bridges that rely on atomic swaps.

From a security perspective, chain bridges can be divided into two major categories: trusted and trustless. A trusted chain bridge is a platform that relies on a third party to verify transactions, but more importantly, it can act as a custodian of the bridged assets. Examples of trusted bridges can be found for almost all blockchain-specific bridges, such as Binance Bridge, Polygon POS Bridge, WBTC Bridge, Avalanche Bridge, Harmony Bridge, Terra Shuttle Bridge, and DApps such as Multichain (formerly Anyswap) or Tron's Just Cryptos.
In contrast, platforms that rely purely on smart contracts and algorithms to custody assets are trustless bridges. The security of a trustless bridge is tied to the underlying network that the assets are bridged to, i.e. where the assets are locked. Trustless bridges can be found in platforms such as NEAR's Rainbow Bridge, Solana's Wormhole, Polkadot's Snow Bridge, Cosmos IBC, and Hop, Connext, and Celer.

At first glance, trustless bridges appear to offer a more secure option for transferring assets between blockchains. However, both trusted and trustless bridges present different challenges.

Limitations of Trusted and Trustless Bridges

Ronin Bridge is a centralized trusted platform that uses multi-signature wallets to host bridged assets. In short, a multi-signature wallet is an address that requires two or more cryptographic signatures to approve transactions. In the case of Ronin, the sidechain has nine validators and requires five different signatures to approve deposits and withdrawals.

Other platforms use the same approach, but with better risk dispersion. For example, Polygon relies on 8 validators and requires 5 signatures. These five signatures are controlled by different parties. In the case of Ronin, the Sky Mavis team alone holds four signatures, creating a single point of failure. After the hacker controlled four Sky Mavis signatures at once, only one signature was needed to approve the withdrawal of assets.

On March 23, the attacker took control of the Axie DAO signature, the last piece needed to complete the attack. In the second-largest crypto attack ever, 173,600 ETH and 25.5 million USDC were lost from Ronin's escrow contracts in two different transactions. It's also worth noting that the Sky Mavis team didn't discover the hack until nearly a week later, which suggests that Ronin's monitoring mechanisms are at least somewhat imperfect, and it reveals a flaw in this trusted platform.
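The signer concentration described above can be checked mechanically for any m-of-n validator set. The Python below is an added example, not code from Sky Mavis, Polygon or the original article; the validator names other than Sky Mavis and Axie DAO are constructed placeholders.

```python
from collections import Counter

def min_parties_to_sign(key_holders, threshold):
    """Smallest number of distinct parties whose keys meet the threshold.

    key_holders lists the controlling party of each validator key.
    Taking the largest holders first is optimal, since each party adds
    the most keys possible for one compromise.
    """
    if not 0 < threshold <= len(key_holders):
        raise ValueError("threshold must be between 1 and the number of keys")
    collected = 0
    ranked = Counter(key_holders).most_common()
    for parties, (_, held) in enumerate(ranked, start=1):
        collected += held
        if collected >= threshold:
            return parties

def audit(key_holders, threshold):
    """Summarise how concentrated signing power is in an m-of-n multisig."""
    holder, held = Counter(key_holders).most_common(1)[0]
    return {
        "scheme": f"{threshold}-of-{len(key_holders)}",
        "largest_holder": holder,
        "largest_holder_keys": held,
        "keys_missing_after_largest": max(threshold - held, 0),
        "min_parties_to_sign": min_parties_to_sign(key_holders, threshold),
    }

# Ronin as described in the article: 9 validators, 5 signatures required,
# four keys held by Sky Mavis and one by Axie DAO. The remaining four
# holder names are constructed placeholders.
RONIN = ["Sky Mavis"] * 4 + ["Axie DAO"] + [f"validator-{i}" for i in range(6, 10)]

# An 8-validator, 5-signature set with every key under a different party,
# the distribution the article attributes to Polygon (names constructed).
DISTRIBUTED = [f"party-{i}" for i in range(1, 9)]

if __name__ == "__main__":
    for name, holders in (("ronin", RONIN), ("distributed", DISTRIBUTED)):
        print(name, audit(holders, 5))
```

A `min_parties_to_sign` value well below the threshold means the nominal m-of-n figure overstates how many independent compromises a withdrawal actually requires.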
While centralization presents a fundamental flaw, trustless chain bridges are also vulnerable to attacks due to bugs and vulnerabilities in software and coding.

Solana Wormhole, a platform that enables cross-bridge transactions between Solana and Ethereum, was attacked in February 2022, and $325 million was stolen due to a vulnerability in Solana's custody contract. A vulnerability in the Wormhole contract allowed hackers to design cross-chain validators, and the attacker sent 0.1 ETH from Ethereum to Solana to trigger a set of "transfer messages" to induce the program to approve the transfer of a supposed 120,000 ETH deposit.

The Wormhole hack occurred after Poly Network lost $610 million in August 2021 due to flaws in contract classification and structure. Cross-chain transactions in this DApp are approved by a centralized group of nodes called "Guardians" and verified on the receiving network through the gateway contract. In this attack, the hacker was able to gain privileges as an administrator, thereby deceiving the gateway by setting his own parameters. The attacker repeated the process in Ethereum, Binance, Neo, and other blockchains to extract more assets.

All bridges lead to Ethereum

Ethereum remains the most dominant DeFi ecosystem in the industry, accounting for nearly 60% of the industry's TVL. At the same time, the rise of these different network protocols as alternatives to Ethereum DeFi DApps has also triggered cross-chain activities of blockchain bridges.

The largest bridge in the industry is the WBTC bridge, hosted by BitGo, Kyber, and Republic Protocol, the team behind RenVM. Since Bitcoin tokens are technically incompatible with smart contract-based blockchains, the WBTC bridge "wraps" native Bitcoin, locks it in a bridge escrow contract, and mints its ERC-20 version on Ethereum.
The bridge became popular during the DeFi Summer (so called because the DeFi market has experienced amazing growth since the summer of 2020) and now holds about $12.5 billion worth of Bitcoin. WBTC allows BTC to be used as collateral for DApps such as Aave, Compound, and Maker, or to generate yield or earn interest in multiple DeFi protocols.

Multichain, formerly Anyswap, is a DApp that provides cross-chain transactions to more than 40 blockchains through built-in chain bridges. Multichain holds $6.5 billion based on all connected networks. However, Ethereum's Fantom bridge is by far the largest pool, with $3.5 billion locked. In the second half of 2021, Proof-of-Stake networks became a popular DeFi space due to attractive yield farms, including FTM, various stablecoins or wETH like those found on SpookySwap.

Unlike Fantom, most L1 blockchains use independent direct bridges to connect networks. The Avalanche bridge is mainly hosted by the Avalanche Foundation and is the largest L1<>L1 bridge. Avalanche is one of the most powerful DeFi fields, as it has DApps including Trader Joe, Aave, Curve, and Platypus Finance.

Binance Bridge also stands out with $4.5 billion in locked assets, followed closely by Solana Wormhole with a TVL of $3.8 billion.

Likewise, scaling solutions such as Polygon, Arbitrum, and Optimism are among the most important bridges in terms of TVL. The Polygon POS bridge, the main entry point between Ethereum and its sidechains, is the third largest bridge, hosting nearly $6 billion. Meanwhile, the liquidity of chain bridges of popular L2 platforms such as Arbitrum and Optimism is also rising.

Another bridge worth mentioning is the Near Rainbow bridge, which aims to solve the well-known interoperability trilemma (decentralization, scalability, security). This platform connecting Near and Aurora to Ethereum may provide valuable opportunities for the security of trustless chain bridges.
How to improve cross-chain security

As two methods of taking custody of bridged assets, both trusted bridges and trustless bridges are prone to fundamental and technical flaws. Nevertheless, there are still ways to prevent and reduce the impact of malicious damage to the blockchain by hackers.

In the case of a trusted bridge, it is clear that the ratio of required signers needs to be increased while also having multi-signatures distributed across different wallets. Although trustless bridges eliminate the risks associated with centralization, there are still risk scenarios of vulnerabilities and other technical limitations, as shown in the Solana Wormhole or Qubit Finance exploit cases. Therefore, it is necessary to implement off-chain actions to protect the cross-chain platform as much as possible.

Collaboration between protocols is necessary. The Web3 space is characterized by its community federation, so it is a great pleasure to have the smartest minds in the industry working together to make the space a safer place. Animoca Brands, Binance, and other Web3 brands raised $150 million to help Sky Mavis mitigate the financial crisis caused by the hack of the Ronin bridge. By working together, collaboration can bring interoperability to a new level for a multi-chain future.

Likewise, coordinated collaboration with chain analysis platforms and CEXs helps track and mark stolen tokens. This situation could discourage criminals in the medium term, as gateways for cashing out cryptocurrencies into fiat currencies should be controlled by KYC procedures in established CEXs. Last month, two 20-year-olds were sanctioned after committing fraud in the NFT space. It would be fair to demand the same punishment from identified hackers.

Audits and bug bounties are another way to improve the security posture of any Web3 platform, including bridges. Certification organizations such as Certik, Chainsafe, Blocksec, etc. help make Web3 interactions more secure.
All bridge activity should be audited by at least one certifying organization. At the same time, bug bounty programs create synergies between projects and their communities. White hat hackers play a vital role in identifying vulnerabilities before other hackers carry out malicious attacks. For example, Sky Mavis recently launched a $1 million bug bounty program to strengthen the security of its ecosystem.

In conclusion

The proliferation of L1 and L2 solutions challenges the Ethereum DApp ecosystem as a whole blockchain system. Their proliferation has created a need to move assets between networks through cross-chain bridges. This is the essence of interoperability and one of the pillars of Web3. Nonetheless, the current interoperable scenarios rely on cross-chain protocols rather than a multi-chain approach, something Vitalik sounded off on earlier this year.

While the need for interoperability in the space is clear, there is still a need for stronger security measures in such platforms. Unfortunately, challenges will not be easily overcome. Both trusted and trustless platforms have design flaws. These inherent cross-chain flaws have already become apparent. Of the $1.2 billion lost in hacks to date, over 80% was stolen via vulnerable bridges.

In addition, as the value of the industry continues to increase, hacker techniques are becoming more and more powerful. Traditional network attack methods such as social engineering and phishing attacks have become a thing of the past in Web3.

A multi-chain approach where all token versions correspond to each blockchain locally is still a long way off. Therefore, cross-chain platforms must learn from past experiences and strengthen process supervision to minimize the success of hacker attacks.
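One concrete form of the process supervision called for above is an off-chain reconciliation of the lock-and-mint invariant: every minted wrapped token must be backed by a matching lock on the source chain. The Python below is an added example, not code from the article or from any bridge project; the event fields, transfer ids and sample events are constructed, with amounts chosen to mirror the 0.1 ETH and 120,000 ETH figures quoted for Wormhole.

```python
from decimal import Decimal

def reconcile(events):
    """Replay bridge events in order and flag mints that are not backed.

    Returns (alerts, locked_total, minted_total). Assumes each lock is
    final on the source chain before its mint is observed.
    """
    locks = {}          # transfer id -> amount locked on the source chain
    minted_ids = set()  # transfer ids already minted on the destination
    alerts = []
    locked_total = minted_total = Decimal(0)
    for ev in events:
        tid, amount = ev["id"], Decimal(ev["amount"])
        if ev["type"] == "lock":
            locks[tid] = amount
            locked_total += amount
        elif ev["type"] == "mint":
            if tid not in locks:
                alerts.append((tid, "mint without lock"))
            elif tid in minted_ids:
                alerts.append((tid, "duplicate mint"))
            elif amount > locks[tid]:
                alerts.append((tid, "mint exceeds lock"))
            minted_ids.add(tid)
            minted_total += amount
    if minted_total > locked_total:
        alerts.append(("*", "wrapped supply exceeds locked collateral"))
    return alerts, locked_total, minted_total

# Constructed sample events (hypothetical schema: id, type, amount in ETH).
SAMPLE = [
    {"id": "t1", "type": "lock", "amount": "5"},
    {"id": "t1", "type": "mint", "amount": "5"},        # correctly backed
    {"id": "t2", "type": "lock", "amount": "0.1"},
    {"id": "t2", "type": "mint", "amount": "120000"},   # far above the lock
    {"id": "t3", "type": "mint", "amount": "1"},        # no lock at all
    {"id": "t1", "type": "mint", "amount": "5"},        # same transfer again
]

if __name__ == "__main__":
    alerts, locked, minted = reconcile(SAMPLE)
    for tid, reason in alerts:
        print(f"ALERT {tid}: {reason}")
    print(f"locked={locked} minted={minted}")
```

Run continuously against both chains' event streams, a check like this raises an alert at the first unbacked mint rather than days after funds have left the escrow contract.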