By now we’ve all heard of the recent exploits on various DeFi protocols. What is even more interesting is the fact that a majority of these exploits have taken place on blockchain bridges.
Why are hackers targeting blockchain bridges? What makes them so susceptible to hacks and exploits? Well, let’s find out. But first, let’s get the obvious questions out of the way.
What is a blockchain bridge?
A blockchain bridge is a platform that allows you to transfer assets from one blockchain to another, addressing one of the most common issues with blockchains: interoperability. Due to the incompatibility of blockchain assets, bridges construct synthetic derivatives that reflect an asset from another network.
Now there are different types of blockchain bridges.
Unidirectional or one-way bridges allow you to transfer assets just to the destination blockchain and not the other way around. Wrapped Bitcoin, for example, allows users to transmit Bitcoin to the Ethereum blockchain (converting BTC to an ERC-20 stablecoin) but does not allow users to send Ether to the Bitcoin network.
Bidirectional bridges, such as Wormhole and Multichain, on the other hand, allow assets to be transferred in both directions. Users can transfer Ether to Solana and can also send Solana to Ethereum’s blockchain.
Bridges can also be custodial (centralized) or non-custodial (decentralized). The distinction clarifies who owns the tokens used to construct the bridging assets. BitGo holds all wrapped bitcoin (WBTC) in its possession, making it a centralized bridge. On the other hand, on Wormhole, bridged assets are kept by the protocol, making it more decentralized.
To convert one sort of cryptocurrency into another, bridge services “wrap” said coins. So, if you go to a bridge to use another currency, such as Bitcoin (BTC), the bridge will spit out wrapped bitcoins (WBTC). To finance all those wrapped currencies, bridges need a reserve of cryptocurrency coins, and that stockpile is a prime target for hackers.
What are the benefits of bridges?
Transferring assets from one blockchain to another has a number of advantages. To begin with, the blockchain onto which you migrate assets may be less expensive and quicker than the native blockchain. This is especially true for Ethereum, where hefty transaction fees and sluggish throughput make decentralized banking (DeFi) problematic for newbies.
Another advantage is that bridges allow users to access marketplaces that only exist on a different blockchain. The DeFi protocol Orca, for example, is only accessible on Solana but supports a wrapped version of ETH.
Many DeFi protocols feature built-in bridges that allow users to trade tokens between protocols without leaving the platform. This simplifies the process of transferring tokens over bridges.
Now coming to an important point.
Are blockchain bridges safe?
The short answer for this is no, for now. However, in the long run, things can get a little better. But what makes blockchain bridges so prone to attacks?
Bridges receive transactions in one form of cryptocurrency, lock it as a deposit and release an equivalent amount of another crypto on another blockchain. In a bridge attack, the hacker usually withdraws money from one side, without putting up the deposit on the other.
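The lock-and-release accounting described above can be monitored by reconciling every release on the destination chain against a locked deposit on the source chain. The Python below is an added example, not code from any bridge mentioned in this article; the event field names and the sample events are constructed assumptions.

```python
from collections import Counter
from decimal import Decimal

# Constructed sample events; field names are hypothetical, not a real bridge schema.
DEPOSITS = [  # locked on the source chain
    {"deposit_id": "d1", "asset": "ETH", "amount": "10", "recipient": "alice"},
    {"deposit_id": "d2", "asset": "ETH", "amount": "5", "recipient": "bob"},
]
MINTS = [  # wrapped tokens released on the destination chain
    {"tx": "m1", "deposit_id": "d1", "asset": "ETH", "amount": "10", "recipient": "alice"},
    {"tx": "m2", "deposit_id": "d2", "asset": "ETH", "amount": "50", "recipient": "bob"},
    {"tx": "m3", "deposit_id": "d1", "asset": "ETH", "amount": "10", "recipient": "alice"},
    {"tx": "m4", "deposit_id": "d9", "asset": "ETH", "amount": "120", "recipient": "mallory"},
]

def reconcile(deposits, mints):
    """Return (tx, reason) for every mint not backed by exactly one deposit."""
    locked = {d["deposit_id"]: d for d in deposits}
    uses = Counter()
    findings = []
    for m in mints:
        dep = locked.get(m["deposit_id"])
        uses[m["deposit_id"]] += 1
        if dep is None:
            findings.append((m["tx"], "mint without deposit"))
        elif uses[m["deposit_id"]] > 1:
            findings.append((m["tx"], "deposit replayed"))
        elif (m["asset"], m["recipient"]) != (dep["asset"], dep["recipient"]):
            findings.append((m["tx"], "asset or recipient mismatch"))
        elif Decimal(m["amount"]) > Decimal(dep["amount"]):
            findings.append((m["tx"], "mint exceeds deposit"))
    return findings

def backing_gap(deposits, mints, asset):
    """Wrapped supply minus locked reserve for one asset; above 0 means unbacked."""
    locked = sum(Decimal(d["amount"]) for d in deposits if d["asset"] == asset)
    minted = sum(Decimal(m["amount"]) for m in mints if m["asset"] == asset)
    return minted - locked

if __name__ == "__main__":
    for tx, reason in reconcile(DEPOSITS, MINTS):
        print(f"ALERT {tx}: {reason}")
    print("unbacked ETH:", backing_gap(DEPOSITS, MINTS, "ETH"))
```

A per-event check and an aggregate reserve check catch different failures: the first points at the offending transaction, the second still fires if event data is incomplete.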
The intricate coding of bridges makes them particularly appealing targets because there is a lot of potential for exploitable vulnerabilities.
Ronghui Gu, founder of CertiK, says,
“If you’re trying to create a bridge between N different cryptocurrencies, the complexity of that is N squared.”
This means that there are “N” number of chances for bugs to crawl into the program.
Attackers are currently focusing on bridges since they are the weakest link in the system, but this is partly due to the industry’s success in protecting the rest of it.
The issue is that many bridges aren’t even on the blockchain. The Ronin bridge was designed to operate “off-chain,” as a system that interacts with the blockchain but is hosted on servers that are not connected to it. These systems are quick, adaptable, and lightweight.
There are various bridge systems that work as smart contracts — essentially the “on-chain” option. An attacker’s ability to alter the code of an on-chain system through social engineering is less plausible, and gaining majority control of the network is highly unlikely. The disadvantage is that smart contracts are quite complicated, and if flaws do occur, it might be difficult to update the system in a timely manner.
Although it is difficult to stop bridges from being attacked, code auditing seems to be one way of reducing such attacks. Bringing in outside knowledge can help fill in the gaps that in-house personnel may overlook. However, a surprising proportion of projects currently do not have such an auditor.
Both trusted and trustless bridges have basic and technological flaws. There are, nevertheless, techniques to prevent and mitigate the impact of malevolent attackers that target blockchain bridges.
In the case of trusted bridges, it is evident that the necessary signer ratio must be increased, while multisigs must be split among many wallets. Cooperation is of the utmost importance. The Web3 sector is known for its tight-knit community, so having the best brains in the field collaborate to make the environment more secure would be ideal.
The demand for interoperability in this space is undeniable. Nonetheless, on this sort of platform, more robust security measures are required.
Conclusion
The theoretical advantages of blockchain bridges are undeniable as development in the blockchain industry is increasingly moving towards Web3 integration. For multiple networks to collectively manifest a significant data and value remittance system, improving the security aspect of these bridges should be the top priority.