The Exploitation of Bridges Will Result in a $2 Billion Loss in 2022, This Could Have Been Averted
Bridges are more vulnerable to hacks than cryptocurrency networks themselves as we transition to a multi-chain future. In 2022, token bridge exploits stole over $2 billion worth of assets. Even worse, all of these thefts could have been prevented by implementing multiple security measures.
By examining the attacks of 2022, we can better understand some of the system’s biggest vulnerabilities, as well as the security measures that are either already available or are being developed to counter them.
Social Engineering
Security breaches are most commonly caused by social engineering attacks. Social engineering attacks are the most common form of security breaches.
Martin Koppelmann, co-founder Gnosis.
Hackers used similar methods to steal funds in the biggest bridge scam of 2022. Hackers used a phishing scam containing fake LinkedIn job listings to hack the blockchain of Axie Infinity, a high-profile crypto game.
Sky Mavis said that its employees were targeted with fake job offers and even made to participate in several rounds of applications. Hackers accessed Sky Mavis Ronin Network systems after employees fell for the bait. They stole $625 million. Sky Mavis revealed in a postmortem review of the bug that it was a victim of spear phishing.
Compromised private keys
Wintermute (an algorithmic market maker) was hacked for $160,000,000 in September 2022, most likely due to a vulnerability in the private keys generated by Profanity.
The hot wallet private key was used to withdraw funds. The company did not take the reports seriously.
The hacking of Slope was also attributed to a similar cause, resulting in a $6 million loss for the company.
Smart Contract Errors
Smart Contracts are programs stored in a blockchain that are activated when certain predetermined criteria are met. This is the confirmation that a website receives after you have added an item to your shopping cart and paid for it. Hackers can exploit a flaw in a contract to trigger illegal money transfers without meeting any conditions.
Hackers were able to siphon nearly $200 million in funds from the Nomad Bridge after discovering a flaw in the smart contract that allowed anyone with a basic knowledge of the code to withdraw funds.
It is alarming that hackers are so openly exploiting these vulnerabilities and bugs. But what’s even more troubling is the fact that “trustworthy systems” that people had never thought of using were also so easy to exploit.
Several security measures are the solution
Bridge standards are rules that describe how different blockchain networks communicate with each other, in this case via a cross-chain interface. Some of these protocols are vulnerable to exploitation. In combination, however, they offer additional security.
Developers can counteract vulnerabilities in one protocol by using another protocol. We’ll look at some cryptographic standards that can be combined to provide additional layers of protection.
Multi-Signature and Rejects
Before a transaction is executed, the technology uses multiple signatures or approvals. It can be used to prevent unauthorized access to networks and ensure that nobody is in control.
The Committee Bridge Standard is a set of standards that use a committee of trusted entities to manage the security of a bridge. Members are responsible for approving and monitoring network transactions. When multiple organizations need to share a network, committees can be beneficial.
Zero Knowledge
Zero Knowledge (ZK), a cryptographic technique, allows two parties to exchange information without disclosing any information other than what is required.
By integrating ZK models, developers can use light clients to verify on-chain transactions. Zero-knowledge proof systems and the “succinctness” property of a ZK-SNARK can be used to efficiently perform verification using light clients on-chain. For maximum security it is possible to verify state transitions as well as consensus in the chain, just like the execution of a Full node.
On-chain light clients use ZKP to check if the status is valid. The target chain can examine the evidence without knowing the status of the original chain. On-chain light clients are a great way to increase security and scalability for blockchains. By checking on the target blockchain, the target chain will have more confidence in the accuracy of the state of the source chain. It can be used to prevent fraud and other malicious activities while scaling the network. ZK, for example, can be used to prove that the wallet owner authorized a transaction without revealing the private key.
Optimistic
Some bridges take an “optimistic” approach to verifying transactions. Instead of immediately verifying every transaction on the blockchain, Optimistic Bridges assume every transaction is valid and reward additional participants for reporting fraudulent transactions. Funds will be released at the end of the challenge period. The optimistic bridges are therefore mathematically safe, but not game-theoretically. They depend on the attention of others. All of this is taken from the user by additional liquidity providers who independently verify the validity of the bridging claims. They then make the funds instantly available on the other chain for a small fee.
Optimistic bridges can be very secure even if they don’t verify every transaction immediately. They use the “challenge and dispute” method. If a user believes that a transaction was processed incorrectly, they can dispute the transaction. The bridge will then investigate.
The challenges of multiple bridge standards
The combination of standards provides the highest level of security. If one standard has a bug or vulnerability, the other standards can still protect the network.
Note that bridges are still dependent on the networks they connect. A bridge is only as secure as the networks it connects.
Secure access to the multi-chain universe
We need bridges to allow unrestricted access to our multi-chain world. But we need to strengthen them in innovative ways to reduce attack points. Blockchain technology was designed to give strangers the ability to make direct and immutable decisions. The more we use the network available to us, the stronger our bridges become.