Bridge Security in Blockchain | QuillAudits

What is a Blockchain Bridge?

A cross-chain bridge is a technology that allows communication between two separate blockchain networks, such as transferring and swapping assets, calling functions in contracts on other blockchains, and more. In other words, bridges allow users to transfer their assets from one network to another. For example, if you have bitcoin but want to spend it like Ethereum, you can do that through a bridge.

Basically, Bridges are of two types:

In this blog, we will be talking about non-custodial bridges, which operate in a decentralized manner and rely on smart contracts to manage the crypto locking and minting processes, removing the need to trust a bridge operator.

Why do we need Bridges?

The inability to work together is one of the biggest problems of blockchains. Each blockchain is limited by the walls of its own domain, which can lead to congestion or high transaction costs. Blockchain bridges address this problem by enabling the exchange of data, smart contract calls, token transfers, instructions, and other feedback between two independent platforms.

How do Bridges work?

Sending assets to Another Chain:
Let’s take an example where Alice wants to transfer 100 USDC from the Ethereum network to the Polygon network.

Withdrawing assets back to the Original Chain:

The above example shows how Alice transferred 100 USDC from the Ethereum network to the Polygon network. Now, Alice wants to withdraw it back to the Ethereum network.
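
The lock-and-mint round trip from Alice's example, as a simplified Python model added here (not QuillAudits' code or any real bridge's contract). The vault account, message ids and function names are assumptions made for illustration; the model processes each cross-chain message exactly once and checks that the wrapped supply stays backed by locked funds.

```python
def move(ledger, src, dst, amount):
    """Move tokens in one chain's ledger; src=None mints, dst=None burns."""
    if amount <= 0 or (src is not None and ledger.get(src, 0) < amount):
        raise ValueError("bad amount or insufficient balance")
    if src is not None:
        ledger[src] -= amount
    if dst is not None:
        ledger[dst] = ledger.get(dst, 0) + amount


class LockMintBridge:
    VAULT = "bridge_vault"  # hypothetical escrow account on the source chain

    def __init__(self, source, dest):
        self.source, self.dest = source, dest  # constructed per-chain ledgers
        self.nonce, self.pending, self.wrapped_supply = 0, {}, 0

    def _emit(self, kind, user, amount):
        self.nonce += 1  # unique id per cross-chain message
        self.pending[self.nonce] = (kind, user, amount)
        return self.nonce

    def _consume(self, msg_id, kind):
        # Validate before acting, then delete so a message is processed once.
        msg = self.pending.get(msg_id)
        if msg is None or msg[0] != kind:
            raise ValueError("unknown, replayed or wrong-type message")
        del self.pending[msg_id]
        return msg[1], msg[2]

    def lock(self, user, amount):     # source chain: user -> vault
        move(self.source, user, self.VAULT, amount)
        return self._emit("lock", user, amount)

    def mint(self, msg_id):           # destination chain: issue wrapped tokens
        user, amount = self._consume(msg_id, "lock")
        move(self.dest, None, user, amount)
        self.wrapped_supply += amount

    def burn(self, user, amount):     # destination chain: destroy wrapped tokens
        move(self.dest, user, None, amount)
        self.wrapped_supply -= amount
        return self._emit("burn", user, amount)

    def release(self, msg_id):        # source chain: vault -> user
        user, amount = self._consume(msg_id, "burn")
        move(self.source, self.VAULT, user, amount)

    def backed(self):                 # wrapped supply must never exceed collateral
        return self.wrapped_supply <= self.source.get(self.VAULT, 0)
```

In a real bridge the `pending` table is replaced by events on one chain and a proof or validator attestation on the other, which is where the validation in `_consume` has to hold.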

How Are Bridges Hacked?

Top Bridge Hacks — 2022:

1. BSC Bridge: $568M:

On 7th October 2022, an exploit affected the native cross-chain bridge called “BSC Token Hub”. The bug was in the proof verifier of the bridge. A total of 2 million BNB was withdrawn, and Binance temporarily paused the BSC network to prevent further damage. Funds taken off BSC are estimated at between $100M and $110M.
Further Reads: https://blog.quillhash.com/2022/10/11/the-million-dollars-bsc-token-hub-bridge-hack-analysis/

2. Nomad attacks: $200M:

Back in August, hackers exploited Nomad to steal around $200 million. The main cause of the attack was that Nomad’s smart contract failed to properly validate the input of the transaction.
Further Reads: https://sm4rty.medium.com/nomad-bridges-200-million-exploit-postmortem-9d1cd83db1f7

3. Harmony Bridge: $100M:

In June 2022, the Harmony Horizon bridge was exploited via the theft of two private keys. The attack resulted in a theft of roughly $100 million in various cryptocurrencies, including Wrapped Ethereum (WETH), AAVE, SUSHI, DAI, Tether (USDT), and USD Coin (USDC). The attacker then used Tornado Cash to launder many of the stolen tokens.
Further Reads: https://medium.com/harmony-one/harmonys-horizon-bridge-hack-1e8d283b6d66

4. Ronin Bridge: $600M:

In March 2022, a huge hack was carried out at Ronin Network, the Ethereum-based sidechain for the well-known cryptocurrency game Axie Infinity. The attackers stole approximately 173,600 ETH and 25.5 million USDC for a total value of approximately $624 million.
The attacker allegedly used hacked private keys to fabricate bogus withdrawals from the Ronin bridge contract in two transactions.
Further Reads: https://blog.chainalysis.com/reports/axie-infinity-ronin-bridge-dprk-hack-seizure

5. Poly Network: $600M

On 10th August 2021, Poly Network suffered from a hack that caused a loss of over 600 million dollars. The hack happened across multiple blockchains including Ethereum, Binance Smart Chain, and Polygon. This is the largest crypto hack yet.
Further Reads: https://mudit.blog/poly-network-largest-crypto-hack/

6. Wormhole Bridge Hack: $320M

On February 2nd, 2022, the Wormhole bridge was hacked for 120,000 wETH worth $320M. The hacker exploited a vulnerability in the smart contract and minted new tokens. After the hack, the Wormhole network was taken down to patch the vulnerability.
Further Reads: https://rekt.news/wormhole-rekt/

Securing Cross-Chain Bridges:

With all these significant hacks happening so frequently and within such a short span of time, it should be obvious that security is urgently needed. Once something is on the blockchain, it is permanent and accessible to anyone. So if there’s a flaw in the bridge, you can guarantee that hackers will exploit it.

These projects should focus more on security to minimize the risk of being exploited. It can be done through:

Bridge Projects Secured by QuillAudits:

Plug exchange
Unifarm

Web3 security- Need of the hour

Why QuillAudits For Web3 Security?

QuillAudits is well-equipped with the tools and expertise to provide cybersecurity solutions that prevent the loss of millions in funds.
