Cross-chain bridges have emerged as a major vulnerability in crypto: 69% of all funds stolen in crypto in 2022 were taken from bridges, a new Chainalysis report has revealed.
Funds lost to cross-chain hacks so far in 2022 total $2 billion.
The report notes that hackers linked to North Korean state machinery have made cross-chain bridges a target, stealing more than $1 billion worth of cryptocurrencies from bridges and DeFi protocols.
Cross-chain bridges are a solution developed to create interoperability between two or more chains by letting users make transactions across blockchains that have different token standards. One example of a bridge is Wormhole, which enables people to exchange NFTs and cryptocurrencies across Solana and Ethereum.
Users typically send Ether (ETH) to the Wormhole protocol, where it is held as collateral, and are issued Wormhole-wrapped ETH on Solana, backed by that collateral locked in the Wormhole contract on Ethereum.
Other examples include:
Polygon POS Bridge
When someone holds tokens or crypto assets that they can’t use on a certain blockchain, say $SOL, bridges come in handy: they receive the incompatible assets and give the user an equivalent amount of assets usable on the blockchain of their choice, for example exchanging $ETH for $SOL.
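The lock-and-mint flow described above implies an invariant a bridge operator can monitor: the wrapped supply on the receiving chain should never exceed the collateral locked on the sending chain. The Python below is an added example, not code from Chainalysis or any bridge project; the event kinds, transfer ids and amounts are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    kind: str         # "lock"/"release" on the source chain, "mint"/"burn" on the destination
    transfer_id: str  # hypothetical id linking a lock to its mint, or a burn to its release
    amount: int       # smallest token unit

def reconcile(events):
    """Replay bridge events in order; return (locked, wrapped_supply, findings)."""
    locked = supply = 0
    pending_locks, pending_burns = {}, {}
    findings = []
    for e in events:
        if e.kind == "lock":
            locked += e.amount
            pending_locks[e.transfer_id] = e.amount
        elif e.kind == "mint":
            # A mint must consume a lock of exactly the same amount.
            if pending_locks.pop(e.transfer_id, None) != e.amount:
                findings.append(("unbacked_mint", e.transfer_id, e.amount))
            supply += e.amount
        elif e.kind == "burn":
            supply -= e.amount
            pending_burns[e.transfer_id] = e.amount
        elif e.kind == "release":
            # Collateral may only leave after a matching burn of wrapped tokens.
            if pending_burns.pop(e.transfer_id, None) != e.amount:
                findings.append(("unbacked_release", e.transfer_id, e.amount))
            locked -= e.amount
        else:
            raise ValueError(f"unknown event kind: {e.kind}")
        # Core invariant: wrapped tokens in circulation are fully collateralized.
        if supply > locked:
            findings.append(("undercollateralized", e.transfer_id, supply - locked))
    return locked, supply, findings

# Constructed sample: two legitimate transfers, then a mint and a release with no counterpart.
SAMPLE_EVENTS = [
    Event("lock", "t1", 10), Event("mint", "t1", 10),
    Event("burn", "t2", 4), Event("release", "t2", 4),
    Event("mint", "t3", 5),
    Event("release", "t4", 6),
]

if __name__ == "__main__":
    for finding in reconcile(SAMPLE_EVENTS)[2]:
        print(finding)
```

An alert on the first `undercollateralized` finding gives responders the shortfall and the transfer that caused it, which is the starting point for tracing and labelling the affected funds.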
What makes cross-chain bridges so vulnerable to attacks?
According to Chainalysis, the bridges are an attractive target because they often feature a central storage point of funds that back the ‘bridged’ assets on the receiving blockchain.
Moreover, Chainalysis also points out that novel technical designs that are implemented by these protocols have made them vulnerable. A lack of refined best practices, which take time to develop, is thus a key vulnerability.
The analysis comes after one such bridge, called Nomad, suffered an attack that saw over $200 million stolen from its wallets in August 2022. Reports suggest that Nomad made an update to one of its smart contracts, leading to a vulnerability which made it possible for people to withdraw money that wasn’t theirs.
In April 2022, Ronin bridge, which supports the Play-to-Earn (P2E) game, Axie Infinity, lost cryptocurrency worth over $600 million in what is on record as the largest attack in DeFi history.
This came after Wormhole lost $320 million worth of Ether to a single hacker in February 2022.
Below is a summary breakdown of key cross-chain hacks so far in 2022:
February – $320 million (Wormhole)
April – $622 million (Ronin)
August – $200 million (Nomad)
Chainalysis recommends the following industry best practices to reduce cross-chain hacks:
Rigorous code audits to become the gold standard for DeFi
Investment in security measures and training
Rapid response to immediately trace and label hacked funds