Lessons from the theft of over $600 million from the Ronin cross-chain bridge

A few years ago, the term "gray rhino" was popular. Unlike a "black swan", which describes an unexpected event, a gray rhino is a danger everyone can see coming; no one knows when it will suddenly charge and knock them off their feet, so everyone pretends not to notice it until the day the crisis arrives.

Earlier this year, on January 8, 2022, Ethereum founder Vitalik expressed "pessimism about cross-chain applications". He said: "A 51% attack on even a single chain is difficult and costly. However, the more cross-chain bridges and applications are used, the more serious the problem becomes. No one will conduct a 51% attack on Ethereum just to steal 100 Solana-WETHx. But if there are 10 million ETH or SOL in the bridge, the motivation to attack becomes higher, and large mining pools may coordinate well to attack. Therefore, cross-chain activities have an anti-network effect: when it does not happen often, it is quite safe, but the more it happens, the greater the risk."

Axie Infinity, the blockchain game hit that swept the Internet last year, developed its own sidechain, Ronin, to avoid the high fees of using the Ethereum main chain.

A so-called sidechain differs from a layer-2. A sidechain is an independent chain responsible for its own security, whereas the security of assets on a layer-2 is guaranteed by the layer-1 main chain.

However, the biggest security risk lies not in the sidechain itself but in the "cross-chain bridge" connecting the sidechain and the main chain. As the name suggests, the bridge lets users move assets from the main chain to the sidechain, or from the sidechain back to the main chain.

For example, if a user has 10 ETH on the Ethereum network, he can move those 10 ETH to the Ronin sidechain through the Ronin bridge. But note: are the real ETH actually transferred to the sidechain? No. They stay on the Ethereum network, locked in the Ethereum-side contract of the Ronin bridge.

Here's a rough idea:

Before cross-chain: 10 ETH ---Ethereum network--- ( )===Cross-chain bridge===( ) ---Side chain---

After cross-chain: ( ) ---Ethereum network--- (10 ETH)===Cross-chain bridge===(10 xETH) ---Side chain---

A so-called cross-chain transfer does not actually "cross" real assets to the other side of the bridge. It locks the real assets at one end of the bridge and creates an "IOU" out of thin air at the other end, with the same face value as the locked assets.

Usually this IOU carries a prefix in front of the name of the real asset to distinguish it, like the xETH in the diagram above. Of course, many sidechains and layer-2s prefer not to add a prefix, so the IOU is still called ETH. The purpose of this may be to blur the distinction for users and make it feel as if the ETH really crossed.

But the real ETH does not move. Holding 10 xETH "IOUs" only represents a debt: the bridge owes you 10 ETH. You can always bring 10 xETH to the bridge and redeem them for 10 ETH on Ethereum.

What if the bridge is attacked and drained? Then it may no longer be able to repay your 10 ETH, and the xETH "IOUs" in your hand go to zero overnight.

The problem is that the more popular a cross-chain application becomes, the more people use it, the larger the funds crossing it, the more real assets are locked in the bridge, and the more attractive it is to hackers!

A bridge no one cares about, with only 10 ETH locked in it, interests few hackers. Popular applications like Axie Infinity and Ronin are completely different: their bridge locks hundreds of millions of dollars of assets, especially hard currencies like ETH and USDC.

This is like putting the gold in an open-air square under a glass cover, on display all day long, as if afraid that no bandit would otherwise know there is a huge pile of gold here.

Worse still, of the 9 security guards on duty, only 5 were actually sent out to patrol and guard.

Then, overnight on March 29, Axie Infinity's sidechain Ronin announced that its validator nodes had been hacked and 173,600 ETH and 25.5 million USDC stolen, a total of more than US$600 million.

At present, the ETH and USDC deposits in Ronin's bridge contract have been drained. The claim that AXS and SLP are still safe is meaningless, because those are the project's own coins, which hackers don't care about. What hackers want is hard currency such as ETH and USDC.

Ronin has 9 validator nodes, and 5 signatures are enough to withdraw from the bridge. Sky Mavis, the development team behind Axie Infinity and Ronin, runs many of the nodes itself, and this time 4 of its own nodes were compromised. In addition, a third-party node run by the Axie DAO was also compromised. 4 + 1 = 5. The hacker collected the 5 signatures needed for a withdrawal and took all the money.

Was it because Sky Mavis did not spread the nodes out and decentralize them more? Letting others run nodes is not necessarily safer; a third party's security awareness and defensive capabilities may not be any stronger.

The root cause is an inherent defect of "decentralized" architectures built on a handful of super nodes: there are too few of them, usually only a few or a dozen; their security requirements are high; there is no hash-power protection, so only traditional key-protection measures can be relied on; and once the keys are lost, the hacker gains enormous power and can do almost anything he wants.

Compare this with Bitcoin's PoW mechanism. The network is protected by hash power, not by the keys, signatures and machine security of a few nodes. Even if a hacker breaks into one or two miner nodes, or even controls more than half of the hash power, he can only censor and block specific transactions; he cannot steal other people's bitcoin or issue bitcoin at will. The cost of attack is high and the payoff is small.

The sidechain bridge is just the opposite: low attack cost and high attack payoff.

Which do hackers choose?

The security of a cross-chain bridge is like a gray rhino. You never know when it will blow up, but you know that as long as you are standing there, sooner or later it will.

As Murphy's Law says, if something bad can happen, it will happen.

Life is like a box of colorful chocolates. You never know what color the next one will be. But one thing is for sure: sooner or later, all the chocolates will be eaten.
