Blockchain bridges play a pivotal role in enhancing interoperability between different blockchain networks. They are also a prime target: a bridge is a path for moving billions in capital to another chain, which makes it very attractive to thieves.
This article explores the need for blockchain bridges in crypto and, more importantly, their flaws and historical heists. We also look at how Bitfinity combats these issues and the new solution it aims to provide going forward.
The Need for Blockchain Bridges
First, we need to discuss why blockchain bridges are needed. They are essential for solving the interoperability problem that has existed since new blockchains began to appear after Bitcoin's creation in 2008.
The crypto ecosystem has remained fragmented ever since and isn’t improving. With blockchains operating in isolation, reminiscent of islands, there needs to be some kind of connection.
Blockchain bridges aim to unify this ecosystem, as they allow for seamless asset transfers and enable users to leverage the benefits of multiple blockchains.
Cheaper and Faster
Blockchain bridges offer users the opportunity to experience cheaper and faster transactions. For instance, Bitcoin network users facing high transaction fees and slow throughput could use a bridge to transfer their BTC to a Layer 2 sidechain and deploy their assets there, which would ultimately cost less and give them more options.
Exploration of the Blockchain Ecosystem
Bridges allow users to engage with decentralized applications (DApps) exclusive to certain blockchains. For example, many DeFi DApps that are only available on Ethereum become accessible to users who bridge in from other blockchains.
That said, unique solutions are well underway that could eliminate the need for bridging for this specific purpose, as the EVM is coming to your network, if it is not there already.
For developers, blockchain bridges offer a solution to the limitations of building on networks like Ethereum, which, despite its popularity, suffers from high fees and slow transaction times. With bridges, these ‘builders’ can start creating on other blockchains as well and work more efficiently.
The High Profile of Bridges
Cross-chain bridges, much like liquidity and lending pools, concentrate user funds into a single reserve, making them attractive targets for theft. This centralization of assets has historically made centralized exchanges vulnerable, and now bridges are facing similar threats due to this lucrative concentration of funds. The safety of blockchain bridges has long been a concern, as the history of exploits shows. But how are they getting exploited?
Most Common Vulnerabilities in Bridge Exploits
Smart Contract Bugs
Cross-chain bridges operate on the principles of smart contracts, which are automated, self-executing contracts with the terms directly written into code. Unfortunately, smart contracts are prone to bugs, and even a small oversight can lead to significant losses.
Notable examples of smart contract bugs include reentrancy attacks, where an attacker repeatedly withdraws funds, and logic errors that can be exploited to drain assets from the bridge.
Although there are errors in the code, the argument that "the code is law" would not hold up in court and could result in serious legal consequences for those who try to exploit bugs.
Some bridges operate with a degree of centralization, relying on a small set of validators or multisig wallets to approve transactions. Sometimes these multisigs are controlled solely by members of the same team or even by just one person. It doesn’t get more centralized than this, of course. If these access points are compromised, bridges can be exploited.
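One way to quantify the centralization described above is to count how many independent parties must be compromised before a multisig's signing threshold is met. This is an added example, not code from Bitfinity or any bridge named in this article; the signer lists, operator names and function name are constructed for illustration.

```python
from collections import Counter

def min_operators_to_reach_threshold(signers, threshold):
    """Smallest number of distinct operators whose compromise yields at
    least `threshold` signing keys, or None if the threshold is unreachable.

    signers: list of (key_id, operator) pairs, where operator is whoever
    actually controls the key (team, company, individual), not its label.
    """
    if threshold < 1:
        raise ValueError("threshold must be at least 1")
    # De-duplicate by key id so a key listed twice is only counted once.
    operator_of_key = dict(signers)
    keys_per_operator = Counter(operator_of_key.values())
    collected = 0
    # Taking the operators that hold the most keys first reaches the
    # threshold with the fewest compromises, so the greedy order is optimal.
    ranked = keys_per_operator.most_common()
    for n, (_operator, keys) in enumerate(ranked, start=1):
        collected += keys
        if collected >= threshold:
            return n
    return None

# Constructed sample: nominally "5-of-9", but one team holds five keys.
CONCENTRATED = [(f"k{i}", "core-team") for i in range(1, 6)] + [
    ("k6", "partner-a"), ("k7", "partner-b"),
    ("k8", "partner-c"), ("k9", "partner-d"),
]

# Constructed sample: the same 5-of-9 with nine independent operators.
DISTRIBUTED = [(f"k{i}", f"operator-{i}") for i in range(1, 10)]

# Constructed sample: the team holds three keys and one partner holds two.
MIXED = [("k1", "core-team"), ("k2", "core-team"), ("k3", "core-team"),
         ("k4", "partner-a"), ("k5", "partner-a"),
         ("k6", "partner-b"), ("k7", "partner-c"),
         ("k8", "partner-d"), ("k9", "partner-e")]

if __name__ == "__main__":
    for name, cfg in [("concentrated", CONCENTRATED),
                      ("mixed", MIXED), ("distributed", DISTRIBUTED)]:
        n = min_operators_to_reach_threshold(cfg, 5)
        print(f"{name}: 5-of-9 falls after compromising {n} operator(s)")
```

A result far below the nominal threshold means the "k-of-n" label overstates how many independent parties protect the funds.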
Bridges often rely on oracles to provide external data necessary for executing transactions. If an attacker has the ability to manipulate this data, they can cause the bridge to execute fraudulent transactions, resulting in losses. This could lead to blatant price manipulation, where the value of assets is artificially inflated or deflated.
A thorough audit by a reputable security firm is crucial for identifying potential vulnerabilities, but history has shown that even when audits are performed, they do not guarantee total safety.
Audits can be expensive and time-consuming, potentially leading some projects to minimize this essential security step.
Biggest and Most Recent Bridge Hacks & Exploits
If we take a look at the biggest and most recent bridge hacks, we see that they affect millions of users and their funds. Many people lost it all simply by wanting to bridge their assets from one blockchain to another, with those assets never to return. Below is the wall of shame of crypto cross-chain bridge exploits.
Poly Network - $611 million
Holding the dubious honor of the biggest bridge hack in history, Poly Network was once a formidable network of cross-chain bridges connecting 35 blockchains—until it was not.
On August 10, 2021, blackhat hackers ran off with a staggering $611 million from three Poly Network smart contracts across the ETH and BNB chains when they exploited a vulnerability in the smart contract code. Luckily the hack was reversed after the attacker returned the funds, likely due to the trails they left behind and the impending legal consequences that would have occurred if they did not comply.
Ronin Bridge - $600 million
In March 2022, the Ronin Bridge was exploited by hackers who drained the platform of $600 million. Sky Mavis, the company behind Axie Infinity, took immediate action to address the security breach by working closely with law enforcement agencies in an attempt to recover the stolen funds. After the Ronin Bridge was redeployed with enhanced security measures, all users were compensated for their lost funds. The Lazarus group was presumably behind this as well; more on them later on.
BNB Bridge - $586 Million
Bridges run by centralized exchange behemoths like Binance are not safe either. The BNB Bridge, which facilitated transactions between the Binance Beacon Chain and the Binance Smart Chain, suffered a significant exploit when attackers forged cryptographic proofs to mint 2,000,000 BNB tokens, amounting to a theft of $586,000,000 in value.
This event was so impactful that it resulted in the Binance Smart Chain being halted for approximately 8 hours, causing further financial damage for all who held positions at that time.
Wormhole Bridge - $370M
Another bridge that collapsed, with negative consequences for everyone involved, was the Solana-based Wormhole Bridge, which fell victim to an attack and saw $370 million of its funds stolen.
A year after the hack, a joint effort by white hat hackers and two crypto companies, including the decentralized finance platform Oasis and Web3 infrastructure firm Jump Crypto, led to a strategic counter-exploit. This luckily had the effect of seeing a significant portion of the lost assets recovered.
Nomad – $190 Million
Nomad Bridge was also attacked, due to a critical initialization error that compromised its security when an update to its smart contracts allowed for fake transactions.
This led to a chaotic free-for-all event where $190 million was siphoned off, mostly by copycats. And poof, the money was gone.
Harmony – $100 Million
Harmony's bridge, another household name in the bridging sphere, lost over $100 million in cryptocurrencies due to an attack, which was linked to, and most likely carried out by, the Lazarus group (a North Korean hacker collective).
Hackers compromised the validators on the bridge's multi-signature wallet and gained access to the funds. The protocol responded with a reimbursement plan but not with the support of its community.
Heco Bridge - $86.6 Million
The Heco bridge, which was a crucial conduit for asset transfers between Ethereum and the Heco Chain, was drained after a major security incident and lost $86.6 million at once. Was it a rug pull or bridge exploit? The bottom line is that bridgers had their money taken off their blockchain and into the hands of malicious actors, never to be seen again.
Orbit Chain's Bridge - $81.5 Million
The Orbit Chain's cross-chain bridge, also known as Orbit Bridge, was another one that was compromised, with a staggering loss of $81.5 million worth of crypto and stablecoins. Nobody saw it coming, and from one moment to the next, the funds were gone.
The hackers executed five separate transactions, each moving funds to a new wallet. These transactions consisted of $50 million in stablecoins, which included 30 million Tether (USDT), 10 million DAI, and 10 million USD Coin (USDC).
Shibarium Layer-2 Bridge - $1.7 Million
At the highly anticipated launch of Shibarium, the layer-2 network of the famous dog memecoin Shiba Inu, another event saw 'just' $1.7 million worth of Ethereum get trapped within its bridge contract.
Blockchain analyst ZachXBT reported that on top of the initial amount, an additional $762,000 worth of BONE, Shibarium's governance token, was sent to the bridge contract. After that, there was a noticeable halt in network activity, with no new transactions processed on the Shibarium chain for over three hours at the time of reporting. Luckily this got fixed, but it underlines the point that bridging crypto is far from risk-free or stress-free.
Socket - $2.3 Million
Lastly, worth a mention and still in recent memory is the exploit targeting the Bungee bridge protocol on January 16th. Wallets with infinite approvals to Socket contracts were particularly affected. Blockchain security firm PeckShield initially reported that around $3.3 million in assets were stolen. However, Socket responded by pausing the affected contracts to prevent further damage.
According to PeckShield, the exploit was a result of insufficient validation of user input within the SocketGateway contract. This oversight allowed the attacker to siphon funds from users who had previously granted approval to the compromised contract.
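Because the affected wallets were those with standing approvals to the compromised contract, a useful defensive check is to replay ERC-20 `Approval` events and list which owners still have an effectively unlimited allowance to a given spender. This is an added example, not code from Socket or PeckShield; the addresses are labelled placeholders, the events are constructed, and the function names are hypothetical.

```python
UNLIMITED = 2**256 - 1   # uint256 max, the usual "infinite approval" value
LIMIT = 2**255           # assumption: treat anything this large as unlimited

def last_approved(events):
    """Replay Approval events in chain order and return the most recent
    approved value per (owner, token, spender). This is an upper bound on
    the live allowance, since transferFrom may have spent part of it."""
    state = {}
    for ev in sorted(events, key=lambda e: (e["block"], e["log_index"])):
        key = (ev["owner"].lower(), ev["token"].lower(), ev["spender"].lower())
        state[key] = ev["value"]   # a later approval overwrites the earlier one
    return state

def exposed_owners(events, spender, limit=LIMIT):
    """Return sorted (owner, token) pairs whose latest approval to `spender`
    is at or above `limit`. An approve(spender, 0) revocation clears a pair."""
    spender = spender.lower()
    return sorted(
        (owner, token)
        for (owner, token, sp), value in last_approved(events).items()
        if sp == spender and value >= limit
    )

GATEWAY = "0xGATEWAY_PLACEHOLDER"   # placeholder for the affected contract
OTHER = "0xOTHER_SPENDER"           # placeholder for an unrelated spender

# Constructed events, deliberately listed out of chain order.
SAMPLE_EVENTS = [
    {"block": 150, "log_index": 2, "owner": "0xOWNER_B",
     "token": "0xTOKEN_1", "spender": GATEWAY, "value": 0},          # revoked
    {"block": 100, "log_index": 0, "owner": "0xOWNER_A",
     "token": "0xTOKEN_1", "spender": GATEWAY, "value": UNLIMITED},
    {"block": 101, "log_index": 5, "owner": "0xOWNER_B",
     "token": "0xTOKEN_1", "spender": GATEWAY, "value": UNLIMITED},
    {"block": 120, "log_index": 1, "owner": "0xOWNER_C",
     "token": "0xTOKEN_1", "spender": GATEWAY, "value": 500},        # bounded
    {"block": 130, "log_index": 0, "owner": "0xOWNER_A",
     "token": "0xTOKEN_2", "spender": OTHER, "value": UNLIMITED},
]

if __name__ == "__main__":
    for owner, token in exposed_owners(SAMPLE_EVENTS, GATEWAY):
        print(f"{owner} still has an unlimited approval on {token}")
```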
Reality of Bridge Exploits
As the eerie events described above illustrate, bridge exploits and hacks are a common occurrence in crypto. Many solutions need to be found, as everyone can fall victim to these incidents. The consequences are felt in real life, where people in crypto suffer hard times and lose substantial life savings.
Solutions to these bridge problems need to be found! Who can help us better than Bitfinity?
The Role of Decentralized Bridges Offered by Bitfinity
Although it has not officially launched yet, Bitfinity utilizes a decentralized bridge supported by a threshold signature scheme, enabling the secure transfer of Bitcoin to the EVM.
This bridge facilitates the use of Bitcoin within the Ethereum ecosystem, increasing its utility for existing decentralized applications (DApps) that were primarily Ethereum-oriented. This is a game changer as the decentralized bridge:
- Enables Bitcoin integration with EVM, fostering cross-asset operations
- Offers secure, trust-minimized interaction between Bitcoin's liquidity and smart contract ecosystems
- Supports a diverse range of decentralized finance protocols from exchanges to NFT platforms
This integration is facilitated by the Internet Computer's innovative technology, enabling a decentralized bridge alongside the EVM to anchor Bitcoin onto the platform.
Blockchain bridges are needed to bridge the gap in crypto, both for funds and for technical progress. However, as we've seen from major hacks totaling over $2 billion and counting, they present an attractive target due to the large sums of capital concentrated on the bridge.
These incidents highlight the need for more robust and decentralized bridge solutions. And solutions are being built, as Bitfinity utilizes threshold signature schemes to enable secure Bitcoin transfers to Ethereum via an Internet Computer anchored bridge. Rather than relying on central authorities or limited validators, Bitfinity distributes responsibility across multiple independent parties.
If implemented well, this approach could help reduce attack surfaces and provide a more resilient solution for blockchain interoperability going forward.
*Important Disclaimer: While every effort is made on this website to provide accurate information, any opinions expressed or information disseminated do not necessarily reflect the views of Bitfinity itself. The information provided here is for general informational purposes only and should not be considered as financial advice.