Quick Links
The Web3 industry has witnessed hacks totaling $7.77 billion, and this figure represents only the recorded data. Approximately $2.83 Bn, contributing to 36% of these breaches, are caused by Cross Chain Bridge exploits, highlighting the significant vulnerability that exists for hackers to exploit. Before we further get into this discussion, let’s understand more about cross-chain bridges.
Recap of Cross Chain Bridges
As we know, each blockchain operates as its isolated network, lacking the ability to communicate directly with others. This limitation gave rise to the concept of blockchain interoperability, which allows different blockchain systems to seamlessly exchange data, messages, and digital assets.
Enter the cross-chain bridge, a crucial element in achieving blockchain interoperability. Without interoperability solutions like cross-chain bridges, the full potential of a multi-chain ecosystem remains underutilized. These bridges act as intermediaries, bridging the gap between independent blockchain networks and facilitating crucial functions like token transfers, smart contracts, and data exchange.
Vulnerabilities in Cross-Chain Bridges
Let’s explore the major vulnerabilities that hackers have taken advantage of in cross-chain bridges.
Unsecure Private Key Management
Private keys play an important role in managing the operations of a cross-chain bridge. The bridge operators each possess a unique private key. They are responsible for reaching a consensus and verifying messages or values sent across chains by users, ensuring accurate delivery. Approval of these messages relies on digital signatures derived from the underlying private keys, either individually or as a quorum.
Think of your crypto like a rare digital painting stored in a high-security vault. To access the vault, there needs to be a master key. In cross-chain bridges, these master keys are private keys. If someone steals their way into getting access to the master key i.e. unauthorized access or the security guards lose track of the master key i.e. improper handling, your precious digital painting is in danger! This is why secure private key management is crucial for cross-chain bridges.
In the first quarter of 2024, the Web3 industry observed a dramatic increase in financial losses due to private key compromises, totaling $239 million. This represents a significant rise of about 1,171% from the $18.8 million reported in the same period in 2023. Among the most prominent cases were PlayDapp and FixedFloat, incurring losses of roughly $32 million and $26 million, respectively.
Popular Hacking Incidents Due to Compromised Private Keys :
- Orbit Chain: Cross-chain bridge Orbit Chain fell victim to a cyberattack on January 1, 2024. Weaknesses in how the platform validated withdrawal requests and signatures allowed hackers to steal over $82 million in cryptocurrency.
- Charlotte Fang Attack: On March 16, the wallets of Charlotte Fang, founder of Milady Maker and other projects, were breached, likely due to a compromised Bitwarden account. This attack resulted in losses of 300 ETH and additional assets worth approximately 544 ETH, including multiple Milady and Remilio Baby NFTs. The breach, which unfolded in two phases, initially hit Remilia’s hot wallets and then its treasury, transferring a total of 195.1 Ether and various NFTs. Despite efforts to secure the treasury by adjusting multisig requirements and changing compromised signatories, the attackers had already seized control of the Bitwarden account, which housed all critical private keys and passwords. Remilia’s investigation suggested that the breach might have been enabled by malware or a brute-force attack, aggravated by the insecure storage of all multisignature keys in a single, inadequately protected Bitwarden account.
Lack of Smart Contracts Audits
Cross-chain bridges are the vital infrastructure connecting different blockchains, allowing seamless movement of digital assets. These bridges rely on smart contracts, deployed on multiple chains, to handle the minting, burning, locking, and unlocking of tokens during transfers. However, the security of these smart contracts is paramount. Hackers are constantly looking for vulnerabilities to exploit, and a single breach in a cross-chain bridge can result in devastating losses. This is where smart contract audits come in.
Smart contract audits are thorough reviews by security experts who analyze the code for potential vulnerabilities. These audits can identify security flaws that may have gone unnoticed during development, potentially saving projects from costly exploits. Audits provide valuable insights into the system architecture, helping identify potential attack vectors. With this information, developers can implement robust controls and safeguards, significantly reducing the attack surface.
Cross-chain bridge exploits due to smart contract vulnerability :
- Wormhole Bridge: A hacker exploited a vulnerability in Wormhole’s smart contract, launching a series of attacks that enabled them to create 120,000 Wrapped Ethereum on Solana (WeETH) without the required Ethereum collateral. This breach resulted in a loss of approximately 120,000 WeETH, valued at over $320 million.
- Binance Bridge: In October 2022, a security flaw in Binance Bridge’s IAVL Merkle proof verification system was exploited by hackers. This vulnerability allowed them to steal 2 million BNB, worth approximately USD 600 million at the time.
Unsafe Upgradability Processes of Smart Contracts
Upgradability is the capability to modify a smart contract’s code or adjust specific parameter settings within its code. Developers often utilize upgradable contracts to enhance their smart contracts by introducing new features, addressing bugs, improving functionality, or adapting to changes in technology, markets, or societal needs. In cross-chain bridges, upgradability enables the addition of support for new tokens and blockchains, integration of novel methods for validating cross-chain messages, and more. However, ensuring secure upgradability is crucial, as an insecure upgrade process could create potential vulnerabilities.
To achieve secure upgradability with cross-chain bridges, a defense-in-depth approach is adopted. This involves robust private key management, where keys are held by multiple independent entities, implementing timelock delays to allow users to review on-chain changes before activation, and establishing stringent approval processes, such as granting cross-chain bridge operators the ability to veto proposed changes during the timelock period.
Dependency on Single Network
Imagine a bridge over a river connecting a bustling marketplace to a remote village. It might work for basic foot traffic, but if you want to connect a whole network of towns and cities, you need something sturdier.
That’s the problem with cross-chain bridges that rely on a single network for all their operations – they’re simply not built for the complex world of interconnected blockchains. The biggest risk with these single-network bridges is the domino effect of a security breach. Because all the traffic flows through one point, a successful attack could cripple the entire bridge, impacting every connected blockchain. Users on any chain could lose their assets, with very little chance of getting them back.
The best cross-chain bridges use multiple independent networks, making them much harder to hack. This discourages attackers and adds extra layers of security. Additionally, some bridges leverage different coding languages and separate network responsibilities for even greater protection. These features, combined with active risk management, ensure a more secure environment for your crypto assets during cross-chain transfers.
Unproven Sets of Validators
The people and organizations running a cross-chain bridge are its center point. Their experience and knowledge directly impact bridge security. Users should exercise caution when encountering untested validator sets that lack the necessary expertise and experience to operate a cross-chain bridge securely and dependably, as reliable cross-chain operations require top-tier validators with extensive experience in operational security (OPSEC), private key management, and smooth transaction processing.
It’s crucial to check the past performance of these validators. Also, to ensure reliability, validators should be required to stake collateral, which gets slashed if they misbehave or operate unreliably. This helps incentivize honest and dependable behavior.
No Active Monitoring of Transactions
Active transaction monitoring is crucial for the security of cross-chain bridges, enabling the detection and immediate response to anomalous behavior. This real-time monitoring serves as a powerful tool for identifying suspicious activity and implementing preventive measures to prevent potential hacks or exploits. One significant application of active transaction monitoring is emergency pauses in the cross-chain system, triggered before executing suspicious transactions or after a malicious transaction has occurred. For instance, if an unauthorized request to withdraw the entire asset pool without proper collateral is detected, the system can be paused to prevent further damage.
In addition to proactive measures, having monitoring systems in place acts as health checkers, instantly notifying relevant parties of security discrepancies. This swift notification can significantly reduce response time and facilitate necessary actions to mitigate risks. Even if a hack is detected late and funds cannot be recovered through the bridge itself, it remains crucial to inform exchanges, stablecoin issuers, and label addresses.
To ensure the effectiveness and integrity of active transaction monitoring, it is recommended to have a separate entity or network responsible for this task, distinct from the cross-chain bridge’s primary validator set. This separation of responsibilities establishes checks and balances, minimizing the risk of manipulation by malicious operators or groups, and enhancing overall security measures.
Ronin Network: In March 2022, the Ronin Bridge incident was reported by Holborn Blockchain Security, revealing a significant blind spot: the hack was identified six days post-occurrence, highlighting the potential benefits of active transaction monitoring for timely detection and response.
Lack of Rate Limits
Rate limits serve as a protective measure in traditional software, employed by websites to fend off denial-of-service (DOS) attacks and by data providers to prevent an excessive number of API requests from overloading their servers. These limits control the number of requests allowed within a specified time frame and volume.
In cross-chain Bridges, rate limits play a crucial role in regulating the transfer of value between different blockchains over a set period. The concept of rate limiting involves imposing restrictions on the quantity of value flowing through a cross-chain solution during a specified duration. By doing so, it establishes an additional layer of security, mitigating the potential impact of an attack. This is particularly vital for protocols safeguarding substantial amounts of value.
Each instance of a bridge hack where the entirety of the value was stolen within a brief period could have been prevented with the implementation of rate limits and an emergency halt feature, provided there were no logic errors in their execution.