How Cross-Chain Bridges are Hacked?
0xB25C
October 22nd, 2022

A cross-chain bridge is a technology that allows communication between two separate blockchain networks, such as transferring and swapping assets, calling functions in contracts from other blockchains, and more. Bridges, in other words, enable users to transfer assets from one network to another. For example, if you have Bitcoin and want to spend it like Ethereum, you can do so via the bridge.

There will undoubtedly be more opportunities for users to use bridges as the number of different blockchains grows. However, if you are unfamiliar with the characteristics of each bridge, you may be exposed to unexpected risks, so use them with caution.

With all of these major hacks occurring so frequently and in such a short period of time, it should be obvious that security is desperately needed. I'll go over the most common bridge attacks and provide a list of useful resources to help you protect yourself from potential problems!


I - Top Bridge Hacks — 2022:

  1. BSC Bridge: $568M: On 7th October 2022, an exploit was affecting the native cross-chain bridge called “BSC Token Hub”. The bug was in the proof verifier of the bridge. A total of 2 million BNB was withdrawn and Binance temporarily paused BSC Network to prevent further damages. Funds taken off BSC are estimated between $100M — $110M. Further Reads: blog.quillhash.com/2022/10/11/the-million-dollars-bsc-token-hub-bridge-hack-analysis

  2. Nomad attacks: $200M: Back in August, hackers exploited Nomad to steal around $200 million. The main cause of the attack was that Nomad’s smart contract failed to properly validate the input of the transaction. Further Reads: sm4rty.medium.com/nomad-bridges-200-million-exploit-postmortem-9d1cd83db1f7

  3. Harmony Bridge: $100M: On June 2022, The Harmony Horizon bridge was exploited via the theft of two private keys. The attack resulted in a theft of roughly $100 million in various cryptocurrencies, including Wrapped Ethereum (WETH), AAVE, SUSHI, DAI, Tether (USDT), and USD Coin (USDC). The attacker then used Tornado Cash to launder many of the stolen tokens. Further Reads: medium.com/harmony-one/harmonys-horizon-bridge-hack-1e8d283b6d66

  4. Ronin Bridge: $600M: In March 2022, a huge hack was carried out at Ronin Network, the Ethereum-based sidechain for the well-known cryptocurrency game Axie Infinity. The attackers stole approximately 173,600 ETH and 25.5 million USDC for a total value of approximately $624 million. The attacker allegedly used hacked private keys to fabricate bogus withdrawals from the Ronin bridge contract in two transactions. Further Reads: blog.chainalysis.com/reports/axie-infinity-ronin-bridge-dprk-hack-seizure

  5. Poly Network: $600M On 10th August 2021, Poly Network suffered from a hack that caused a loss of over 600 million dollars. The hack happened across multiple blockchains including Ethereum, Binance Smart Chain, and Polygon. This is the largest crypto hack yet. Further Reads: mudit.blog/poly-network-largest-crypto-hack

  6. Wormhole Bridge Hack: $320M On February 2nd, 2022, Wormhole Bridge was hacked for 120,000 wETH worth $320M. The hacker exploited the vulnerability in the smart contract and minted new tokens. After the hack, The Wormhole network was taken down to patch the vulnerability. Further Reads: rekt.news/wormhole-rekt


II - But How Bridges are Hacked?

  • Reference: Daniel Morales

Fake Events:

Often, a cross-chain bridge will monitor for deposit events on one blockchain to initiate a transfer to the other. If an attacker can generate a deposit event without making a real deposit or by depositing with a valueless token, then they can withdraw value from the bridge at the other end.

Message Verification Bug:

Cross-chain bridges perform validation of a deposit or withdrawal before actually performing any transfers. There have been many instances in the past where lack of proper validation of signature leads to millions of dollars hacks. Recently BSC chain was attacked because of a similar bug and a total of 576 Million was withdrawn by hackers.

Lack of cross-contract access control in blockchain bridges:

It is important to have access control validations on critical functions that execute actions like modifying the owner, transfer of funds and tokens, pausing and unpausing the contracts, etc.

Validator Takeover:

Some cross-chain bridges have a set of validators that vote whether or not to approve a particular transfer. If the attacker controls most of these validators, they can approve fake and malicious transfers. This is what happened to these validators in the Ronin Network hack, where the attacker took over 5 of the bridge’s 9 validators.

Admin Private Key Leak:

If the admin key of the smart contract is leaked, all the funds and operation of the smart contract will be at great risk. Recently, the Harmony bridge was exploited via the theft of two private keys. The attack resulted in a theft of roughly $100 million in various cryptocurrencies.


III - Conclusion

In the end, I would like to say that we hope that this article was informative and useful for you! Thank you for reading! The most important thing I wanted to get across to you can be summed up in one sentence:

Once something is on the blockchain, it is permanent and accessible to anyone. So if there’s a flaw in the bridge, you can guarantee that the hackers will exploit it.

If we finally want to give people the opportunity to be their own bank, we must realize that in this case, people must be able to replace all those services and actions for which traditional banks get money!

Resources:

Yes, it seems like it is a veritable minefield over there. Keep the faith. Learn the latest attack techniques, white hat cheat sheets, and defenses. Only knowledge can defeat criminals’ knowledge. In this intellectual boxing match the most prepared wins, and we want that to be you!


Kogaan! Zu'u wah dein hin faraan! 🐉

If you want to support my work, please consider donating me:

Subscribe to Officer's Blog
Receive new entries directly to your inbox.
Collectors
View
#1
#2
#3
View collectors
This entry has been permanently stored on-chain and signed by its creator.