Bridges On The Blockchain Are In Trouble

Another day, another hack, and yet another blockchain bridge is lost.

Targeting Blockchain “bridges,” or lines of code that help move cryptocurrency money between various applications, has culminated to an eighth robbery for 2022. The incident took place last a few weeks ago when burglars allegedly took $190 million from the American cryptocurrency company Nomad.
Hackers have already taken cryptocurrency worth over $1.2 billion from bridges this year, more than double the amount they took last year, according to information from London-based blockchain monitoring company Elliptic.
The co-founder of the cybersecurity startup CertiK and associate professor of computer science at Columbia University in New York, Ronghui Hu, said, “This is a clash where the cybersecurity firm or the project can’t be the winner.”

When hackers review a project and find no problems, they may simply go on to the next one until they find a weak point because we have so many efforts to protect.

Most digital tokens currently run on their own unique blockchain, which serves as a form of online ledger for cryptocurrency transactions. The likelihood of these projects being broadly implemented decreases as they become isolated.
Blockchain bridges aim to break down these obstacles. Supporters assert they will play a significant part in “Web3,” the much-hyped vision of a digital future where cryptocurrencies are incorporated into online life and trade.

The eighth-largest cryptocurrency theft ever came from the Nomad hack. Other bridge thefts this year include a $615 million heist from Ronin, which was used in a popular online game, and a $320 million theft from Wormhole, which was used in so-called decentralized banking systems.
Blockchain bridges are the most conducive environment for emerging vulnerabilities, according to Steve Bassi, co-founder and CEO of malware detector PolySwarm.

Nomad and other companies that make blockchain bridge software have received support.

Pranay Mohan, co-founder and CEO of Nomad, called its security methods the “gold standard.” Nomad, based in San Francisco, claimed to have received $22.4 million from investors just five days before being hacked, including well-known exchange Coinbase Global (COIN.O).

Advertisement

It has indicated that it is working with law enforcement agencies and a blockchain analysis business to monitor the stolen assets. Late this week, it promised a reward of up to 10% for the recovery of the money taken from the bridge. On Saturday, it disclosed that it had already recovered more than $32 million of the monies that had been taken.

According to Mohan, the community is what matters most in cryptocurrencies, and the restoration of bridging user cash is our top goal. He spoke to allegedly moral hackers by saying, “Any party that reimburses 90% or more of funds that were misappropriated would be regarded as a “white hat,” and white hats won’t be penalized by us.
Recent conversations with a number of blockchain and cyber security professionals indicate that bridges can be vulnerable places for projects and apps because of their complexity.

One reason why hackers have recently targeted these cross-chain bridges is because of the immense technical sophistication involved in developing these kinds of services, according to Ganesh Swami, CEO of blockchain data company Covalent in Vancouver, which had some cryptocurrency stored on Nomad’s bridge when it was hacked.

For instance, some bridges modify cryptocurrency tokens to make them compatible with different blockchains while retaining the original coins in reserve. Others rely on smart contracts, complex agreements that carry out transactions automatically.

All of these might contain bugs or other programming flaws that provide hackers access.

So what course of action is best here?

Audits of smart contracts and “bug bounty” schemes that reward open-sourced evaluations of smart contract code, according to some experts, could help avoid cybercrimes.

Others contend that spreading out the control over the bridges among more diverse entities will improve their resilience and code transparency.

Advertisement

Cross-chain bridges are an enticing target for hackers because they generally use a centralized infrastructure that typically locks up assets, claims Victor Young, founder and chief architect of American blockchain firm Analog.