Crossing Over Carefully: Blockchain Bridge Exploits and Bitfinity's Solution

While blockchain bridges are necessary to connect isolated networks, their consolidation of large token reserves also makes them targets for major hacks. This article looks at the wall of shame of bridge exploits and at how Bitfinity could offer a solution.

Blockchain bridges play a pivotal role in enhancing interoperability between different blockchain networks. That same role makes them a target: they move billions in capital from one chain to another, which is very attractive to thieves.

This article explores why crypto needs blockchain bridges and, more importantly, their flaws and the historical heists that exploited them. We also look at how Bitfinity combats these issues and the new solution it aims to provide going forward.

The Need for Blockchain Bridges

First, we need to discuss why blockchain bridges are needed. They are essential for solving the interoperability problem that has existed ever since new blockchains began to appear after Bitcoin's creation in 2008.

The crypto ecosystem has remained fragmented ever since and isn’t improving. With blockchains operating in isolation, reminiscent of islands, there needs to be some kind of connection.

Blockchain bridges aim to unify this ecosystem, as they allow for seamless asset transfers and enable users to leverage the benefits of multiple blockchains.

Cheaper and Faster

Blockchain bridges offer users the opportunity to experience cheaper and faster transactions. For instance, Bitcoin network users facing high transaction fees and slow throughput could use a bridge to transfer their BTC to a Layer 2 sidechain and deploy their assets there, which would ultimately cost less and give them more options.

Exploration of the Blockchain Ecosystem

Bridges allow users to engage with decentralized applications (DApps) exclusive to certain blockchains. For example, many DeFi DApps are only available on Ethereum, and users on other blockchains can reach them by bridging their assets over.

That said, unique solutions are well underway that could eliminate the need to bridge for this specific purpose, as the EVM is coming to your network, if it is not there already.

Scalability

For developers, blockchain bridges offer a solution to the limitations of building on networks like Ethereum, which, despite its popularity, suffers from high fees and slow transaction times. With bridges these ‘builders’ can start creating on other blockchains as well and work more efficiently.

The High Profile of Bridges

Cross-chain bridges, much like liquidity and lending pools, concentrate user funds into a single reserve, making them attractive targets for theft. This centralization of assets has historically made centralized exchanges vulnerable, and now bridges are facing similar threats due to this lucrative concentration of funds. As we know, the safety of blockchain bridges has been a concern, as the history of exploits shows. But how are they getting exploited?

Most Common Vulnerabilities in Bridge Exploits

Smart Contract Bugs

Cross-chain bridges operate on the principles of smart contracts, which are automated, self-executing contracts with the terms directly written into code. Unfortunately, smart contracts are prone to bugs, and even a small oversight can lead to significant losses.

Notable examples of smart contract bugs include reentrancy attacks, where an attacker repeatedly withdraws funds, and logic errors that can be exploited to drain assets from the bridge.
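The ordering mistake behind reentrancy, and the standard fix of updating state before making the external call, shown as an added example that is not from the original article. It is a toy in-memory model in Python, not contract code; `BridgeVault`, `simulate` and the deposit figures are constructed for illustration.

```python
class BridgeVault:
    """Toy model of a pooled bridge reserve; `safe` selects the hardened path."""

    def __init__(self, safe):
        self.safe = safe
        self.balances = {}  # amount credited to each user
        self.reserve = 0    # funds the vault actually holds

    def deposit(self, user, amount):
        self.balances[user] = self.balances.get(user, 0) + amount
        self.reserve += amount

    def withdraw(self, user, on_receive):
        amount = self.balances.get(user, 0)
        if amount == 0 or amount > self.reserve:
            return
        if self.safe:
            # Checks-effects-interactions: clear the credit BEFORE the external call.
            self.balances[user] = 0
            self.reserve -= amount
            on_receive(amount)
        else:
            # Vulnerable order: funds leave and the callback runs while the
            # user's credit is still on the books.
            self.reserve -= amount
            on_receive(amount)
            self.balances[user] = 0


def simulate(safe, honest_deposit=90, attacker_deposit=10):
    """Return (total paid to the re-entering caller, reserve left in the vault)."""
    vault = BridgeVault(safe)
    vault.deposit("honest", honest_deposit)      # constructed sample values
    vault.deposit("attacker", attacker_deposit)
    received = []

    def reenter(amount):
        received.append(amount)
        vault.withdraw("attacker", reenter)  # callback calls straight back in

    vault.withdraw("attacker", reenter)
    return sum(received), vault.reserve


if __name__ == "__main__":
    print("vulnerable:", simulate(safe=False))
    print("hardened:  ", simulate(safe=True))
```

With the vulnerable ordering a 10-unit credit empties the whole 100-unit reserve; with the hardened ordering the second call sees a zero balance and returns immediately.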

Although there are errors in the code, the argument that "the code is law" would not hold up in court and could result in serious legal consequences for those who try to exploit bugs.

Centralization Risks 

Some bridges operate with a degree of centralization, relying on a small set of validators or multisig wallets to approve transactions. Sometimes these multisigs are controlled solely by members of the same team or even by just one person. It doesn’t get more centralized than this of course. If these access points are compromised, bridges can be exploited.
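A check a reviewer can run against a bridge's signer set, as an added example that is not from the original article: it computes how many distinct parties actually have to be compromised to meet the signing threshold, which can be far lower than the nominal "m-of-n" suggests. It assumes the key-to-operator mapping is known; the function names and the sample configurations are hypothetical.

```python
from collections import Counter


def min_parties_to_sign(key_owners, threshold):
    """Smallest number of distinct parties whose keys together reach `threshold`.

    key_owners maps each signer key to the party that actually controls it.
    Returns None when the threshold exceeds the number of keys.
    """
    keys_per_party = sorted(Counter(key_owners.values()).values(), reverse=True)
    collected = 0
    for parties, keys in enumerate(keys_per_party, start=1):
        collected += keys
        if collected >= threshold:
            return parties
    return None


def audit(name, key_owners, threshold, min_independent=3):
    """Return (name, nominal 'm-of-n', parties needed, verdict)."""
    nominal = f"{threshold}-of-{len(key_owners)}"
    parties = min_parties_to_sign(key_owners, threshold)
    if parties is None:
        verdict = "MISCONFIGURED: threshold can never be met"
    elif parties == 1:
        verdict = "FAIL: one party can approve transfers alone"
    elif parties < min_independent:
        verdict = f"WARN: only {parties} parties must be compromised"
    else:
        verdict = "OK"
    return name, nominal, parties, verdict


# Constructed sample configurations (hypothetical operators, not real bridges).
SAME_TEAM = {f"key{i}": "team-a" for i in range(5)}
SKEWED = {**{f"key{i}": "operator-a" for i in range(4)},
          **{f"key{i}": f"operator-{c}" for i, c in zip(range(4, 9), "bcdef")}}
SPREAD = {f"key{i}": f"operator-{c}" for i, c in enumerate("abcde")}

if __name__ == "__main__":
    for row in (audit("same-team", SAME_TEAM, 2),
                audit("skewed", SKEWED, 5),
                audit("spread", SPREAD, 3)):
        print(*row, sep=" | ")
```

The "skewed" case is the one that is easy to miss: a 5-of-9 setup where one operator holds four keys needs only two parties to be compromised.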

Oracle Manipulation 

Bridges often rely on oracles to provide external data necessary for executing transactions. If an attacker has the ability to manipulate this data, they can cause the bridge to execute fraudulent transactions, resulting in losses. This could lead to blatant price manipulation, where the value of assets is artificially inflated or deflated.

Inadequate Auditing 

A thorough audit by a reputable security firm is crucial for identifying potential vulnerabilities, but history has shown that even if audits occur, it does not guarantee total safety.

Merlin’s $1.8m heist highlights role of code auditor CertiK: ‘This should have been captured’
Rogue developers made off with millions from DeFi project Merlin, sparking a debate about the role code audits play in security

Audits can be expensive and time-consuming, potentially leading some projects to minimize this essential security step.

Biggest and Most Recent Bridge Hacks & Exploits

If we take a look at the biggest and most recent bridge hacks, we see that they affect millions of users and their funds. Many people who just wanted to bridge their assets from one blockchain to another lost it all, and the funds never returned. We'll take a look at the wall of shame of crypto cross-chain bridge exploits.

Poly Network - $611 million

Holding the dubious honor of the biggest bridge hack in history, Poly Network was once a formidable network of cross-chain bridges connecting 35 blockchains—until it was not.

On August 10, 2021, blackhat hackers ran off with a staggering $611 million from three Poly Network smart contracts across the ETH and BNB chains when they exploited a vulnerability in the smart contract code. Luckily the hack was reversed after the attacker returned the funds, likely due to the trails they left behind and the impending legal consequences that would have occurred if they did not comply.

Ronin Bridge - $600 million

In March 2022, the Ronin Bridge was exploited by hackers who drained the platform of $600 million. Sky Mavis, the company behind Axie Infinity, took immediate action to address the security breach by working closely with law enforcement agencies in an attempt to recover the stolen funds. After the Ronin Bridge was redeployed with enhanced security measures, all users were compensated for their lost funds. The Lazarus group was presumably behind this as well; more on them later on.

Axie Infinity Recovers From $600M Hack, Bridge Re-Launched
The company behind the popular non-fungible token (NFT) game Axie Infinity, Sky Mavis, celebrated the re-launch of its Ronin Bridge.

BNB Bridge - $586 Million

Bridges run by centralized exchange behemoths like Binance are not safe either. The BNB Bridge, which facilitated transactions between the Binance Beacon Chain and the Binance Smart Chain, suffered a significant exploit when attackers forged cryptographic proofs to mint 2,000,000 BNB tokens, amounting to a theft of $586,000,000 in value.

This event was so impactful that it resulted in the Binance Smart Chain being halted for approximately 8 hours, causing further financial damage for all who held positions at that time.

Wormhole Bridge - $370M

Another bridge that collapsed, with all the negative consequences for everyone involved, was the Solana-based Wormhole Bridge, which fell victim to an exploit and saw $370 million of its funds stolen.

A year after the hack, a joint effort by white hat hackers and two crypto companies, including the decentralized finance platform Oasis and Web3 infrastructure firm Jump Crypto, led to a strategic counter-exploit. This luckily had the effect of seeing a significant portion of the lost assets recovered.

Wormhole Bridge Exploit: $140M Worth Stolen Assets Recovered
The High Court of England and Wales ordered Oasis to retrieve the stolen assets.

Nomad – $190 Million

Also, Nomad Bridge was attacked due to a critical initialization error that compromised its security when an update to its smart contracts allowed for fake transactions.

This led to a chaotic free-for-all event where $190 million was siphoned off, mostly by copycats. And poof, the money was gone.

Harmony – $100 Million

Harmony's bridge, another household name in the bridging sphere, lost over $100 million in cryptocurrencies in an attack that was linked to, and most likely carried out by, the Lazarus group (a North Korean hacker collective).

North Korean Hackers Lazarus Group Stolen $3B in Cryptocurrency
The hacker group stole the funds over the last six years, which was likely used to fund the country’s projects, a report said.

Hackers compromised the validators on the bridge's multi-signature wallet and gained access to the funds. The protocol responded with a reimbursement plan but not with the support of its community.

Heco Bridge - $86.6 Million

The Heco bridge, which was a crucial conduit for asset transfers between Ethereum and the Heco Chain, was drained after a major security incident and lost $86.6 million at once. Was it a rug pull or bridge exploit? The bottom line is that bridgers had their money taken off their blockchain and into the hands of malicious actors, never to be seen again.

Heco bridge appears to have been drained of $86.6 million
The Heco bridge appears to have been drained, while further funds may have been taken from crypto exchange HTX.

Orbit Chain's Bridge - $81.5 Million

Orbit Chain's cross-chain bridge, also known as Orbit Bridge, was another one that was compromised, with a staggering loss of $81.5 million worth of crypto and stablecoins. Nobody saw it coming, and from one moment to the next the funds were gone.

The hackers executed five separate transactions, each moving funds to a new wallet. These transactions consisted of $50 million in stablecoins, which included 30 million Tether (USDT), 10 million DAI, and 10 million USD Coin (USDC).

Orbit Chain’s bridge reportedly hacked for $81.5 million
The bridge has close ties to the Klaytn ecosystem, with nine out of its top ten tokens being Orbit-wrapped assets.

Shibarium Layer-2 Bridge - $1.7 Million

At the launch of Shibarium, the highly anticipated layer-2 network of the famous dog-themed memecoin Shiba Inu, 'just' $1.7 million worth of Ethereum got trapped within its bridge contract.

Blockchain analyst ZachXBT reported that on top of the initial amount, an additional $762,000 worth of BONE, Shibarium's governance token, was sent to the bridge contract. Since then, there was a noticeable halt in network activity, with no new transactions processed on the Shibarium chain for over three hours at the time of reporting. Luckily this got fixed, but it underlines the point that bridging crypto is far from risk-free and without stress.

$1.7M of Ethereum ‘Stuck’ in SHIB Layer-2 Network Shibarium - Decrypt
The much-anticipated Shibarium layer-2 network has been marred by a key technical issue with its bridge contract.

Socket - $2.3 Million

Lastly, worth a mention and still in recent memory is the exploit targeting the Bungee bridge protocol on January 16th. Wallets with infinite approvals to Socket contracts were particularly affected. Blockchain security firm PeckShield initially reported that around $3.3 million in assets were stolen. However, Socket responded by pausing the affected contracts to prevent further damage.

According to PeckShield, the exploit was a result of insufficient validation of user input within the SocketGateway contract. This oversight allowed the attacker to siphon funds from users who had previously granted approval to the compromised contract.

Socket recovers $2.3 million in ETH after bridge protocol exploit
The recovered funds represent roughly $2.3 million worth in ETH, with the damage from the exploit estimated at $3.3 million.

Reality of Bridge Exploits

As the eerie events described above illustrate, bridge exploits and hacks are a common occurrence in crypto. Solutions need to be found, as anyone can fall victim to these incidents. The consequences reach into real life, where crypto users suffer hard times and lose substantial life savings.

Indian Man Tried to Jump Off Bridge After Suffering Losses in Crypto: Report
The young techie was rattled by threatening calls made by people from whom he had borrowed and invested in cryptocurrencies.

Solutions to these bridge problems need to be found! Who can help us better than Bitfinity?

The Role of Decentralized Bridges Offered by Bitfinity

Although it has not officially launched yet, Bitfinity utilizes a decentralized bridge supported by a threshold signature scheme, enabling the secure transfer of Bitcoin to the EVM.

This bridge facilitates the use of Bitcoin within the Ethereum ecosystem, increasing its utility for existing decentralized applications (DApps) that were primarily Ethereum-oriented. This is a game changer as the decentralized bridge:

  • Enables Bitcoin integration with EVM, fostering cross-asset operations
  • Offers secure, trust-minimized interaction between Bitcoin's liquidity and smart contract ecosystems
  • Supports a diverse range of decentralized finance protocols from exchanges to NFT platforms

Bridges to Nowhere - Why Bridges get Hacked and how the IC Will Solve the Bridging Dilemma
The Internet Computer uses bridgeless architecture, making sure that assets are always stored off of the Internet Computer in their native forms, never centralized into a hackable bridge, and ultimately transacted on their native networks.

This integration is facilitated by the Internet Computer's innovative technology, enabling a decentralized bridge alongside the EVM to anchor Bitcoin onto the platform.

Conclusion

Blockchain bridges are needed to bridge the gap in crypto, both for funds and for technical progress. However, as we've seen from major hacks totaling over $2 billion and counting, they present an attractive target due to the large sums of capital concentrated on the bridge.

These incidents highlight the need for more robust and decentralized bridge solutions. And solutions are being built, as Bitfinity utilizes threshold signature schemes to enable secure Bitcoin transfers to Ethereum via an Internet Computer anchored bridge. Rather than relying on central authorities or limited validators, Bitfinity distributes responsibility across multiple independent parties. 

If implemented well, this approach could help reduce attack surfaces and provide a more resilient solution for blockchain interoperability going forward.
