Hackers Tap Cross-Chain Bridges Vulnerabilities; Whopping US$2B Worth of Crypto Stolenby Fintechnews Switzerland September 2, 2022
Hackers and cybercriminals are exploiting vulnerabilities found in cross-chain bridge protocols to siphon billions of dollars worth of cryptocurrencies out of wallets and smart contracts, a new report by blockchain analytics firm Chainalysis claims.
A total of 13 separate cross-chain bridge hacks have been recorded so far, netting criminals about US$2 billion, according to the firm. Most of these attacks took place this year, showing that the trend is proliferating and becoming a top security risk in the crypto industry.
Attacks on bridges account for 69% of total funds stolen in 2022 so far, totaling around U$1.4 billion, estimates Chainalysis. The biggest single event was the US$615 million haul snatched from the Ronin bridge in March 2022. Ronin is an Ethereum sidechain developed for the popular non-fungible token (NFT) game Axie Infinity.
Another major heist this year was Wormhole’s US$320 million hack in February. Wormhole is one of the most popular bridges linking Ethereum and Solana, allowing users to move their tokens and NFTs from one blockchain to the other.
And just last month, attackers drained the Nomad cross-chain bridge token bridge of nearly US$200 million worth of crypto. Nomad, which marketed itself as more secure than competing bridges, closed a US$22.4 million seed funding round in July at a US$225 million valuation. Backers included Coinbase’s venture capital (VC) arm and NFT marketplace OpenSea.
Cross-chain bridges are protocols that let user port digital assets and data from one blockchain to another. Their design and specificities vary but most protocols on the market right now work by “wrapping” tokens in a smart contract and issuing native assets to be used on the other blockchain.
Wrapped BTC (wBTC), for example, is an ERC-20 token on the Ethereum blockchain that use bitcoin as collateral. Users first need to send BTC to a “merchant,” who then initiates the minting of new wBTC tokens. These tokens are then send to the user who can use them on the Ethereum network to interact with Ethereum-based decentralized apps (DApps) and other services.
To redeem BTC for wBTC, a “burn transaction” is initiated by the merchant where the wBTC tokens are permanently pulled out of circulation and the user gets the equivalent amount of BTC in return.
Since cross-chain bridges essentially work as liquidity providers, collecting funds and locking them into a central point of storage, they have become an attractive target for criminals.
Chainalysis estimates that North Korean-linked hackers have stolen approximately US$1 billion worth of cryptocurrency so far this year, entirely from bridges and other decentralized protocols.
Cross-chain bridges have risen in popularity this past year amid soaring crypto trading activity. During the market frenzy of late 2021/early 2022, total valued locked (TVL) in Ethereum bridges crossed the US$20 billion mark, rising more than 28x from the US$700 million TVL recorded in May 2021, data compiled by Dmitriy Berenzon, a research partner at blockchain angel fund 1kx, show.
According to Dezentralizedfinance.com, a platform that provides NFT and DeFi data and analytics, here are currently about 75 cross-chain bridges in operation.
Featured image credit: Edited from freepik