Blockchain bridges allow decentralized finance (DeFi) users to use the same tokens across multiple blockchains. For example, a trader can use USD Coin
Blockchain bridges allow decentralized finance (DeFi) users to use the same tokens across multiple blockchains. For example, a trader can use USD Coin (USDC) on the Ethereum or Solana blockchains to interact with the decentralized applications (DApps) on those networks.
While these protocols may be convenient for DeFi users, they are at risk of exploitation by malicious actors. For example, in the past year, the Wormhole bridge — a popular cross-chain crypto bridge between Solana, Ethereum, Avalanche and others — was hacked, with attackers stealing over $321 million worth of wrapped Ethereum (wETH), the largest hack in DeFi history at the time.
Just over a month later, on March 23, 2022, the Ronin Network bridge — Axie Infinity’s Ethereum-based sidechain — was hacked for over $620 million, and on Aug. 2, the Nomad bridge was hacked for over $190 million. In total, over $2.5 billion was stolen from cross-chain bridges between 2020 and 2022.
Trustless bridges, known as noncustodial or decentralized bridges, could improve users’ security of cross-chain transfers.
What is a blockchain bridge?
A cross-chain bridge is a technology that allows sending of assets or data from one blockchain network to another. These bridges allow two or more separate blockchain networks to talk to each other and share information. The interoperability provided by cross-chain bridges makes it possible to move assets from one network to another.
Recent: SEC vs. Kraken: A one-off or opening salvo in an assault on crypto?
Most bridging technologies use smart contracts on both blockchains to make cross-chain transactions possible.
Cross-chain bridges can move many assets, such as cryptocurrencies, digital tokens and other data. Using these bridges makes it easier for different blockchain networks to work together and for users to take advantage of each network’s unique features and benefits.
Trusted bridges vs. Trustless bridges
When it comes to bridging protocols, there are two main types, centralized (trusted) bridges and decentralized (trustless) bridges. Trusted bridges are managed by centralized entities that take custody of the tokens once they are transferred to the bridge. A major risk with custodial bridges is the single point of failure (the centralized custodian), which makes it an easier target for hacking attempts.
Instead of using centralized custodians to transfer tokens across blockchains, trustless bridges use smart contracts to complete the process.
Smart contracts are automated programs executing certain actions once the conditions are met. Due to this, trustless bridges are seen as a safer alternative since each user maintains custody of their tokens during the transfer process.
However, trustless bridges can still be compromised if the smart contract code has vulnerabilities not identified and fixed by the development team.
Pascal Berrang, blockchain researcher and core developer at Nimiq, a blockchain-based payment protocol, told Cointelegraph, “In general, the use of cross-chain bridges introduces additional risks over the use of a single blockchain.”
“It increases the attack surface through blockchains, potential custodians and smart contracts. There are various types of cross-chain bridges, which come with different trade-offs in terms of these risks.” He continued:
“Cross-chain bridges naturally involve two or more blockchains, typically using distinct security mechanisms. Hence, the security of bridged assets depends on the weakest blockchain involved in the bridge. For example, if one of the blockchains is attacked, it would make it possible to revert a cross-chain swap on one of the chains but not on the other – resulting in an imbalance of assets.”
Berrang also stressed the vulnerabilities connected to the bridged assets being locked into the bridge. “Funds are usually stored or locked in a central place, constituting a single failure point. Depending on the type of the bridge, these funds are subject to different risks: In a smart-contract-based bridge, bugs in those contracts can make bridged assets worthless,” Berrang said.
“An example could be a bug that allows infinite minting of new bridged tokens. Bridges that trusted custodians operate are subject to counterparty risks if the custodians misbehave or their keys are stolen,” he added.
Jeremy Musighi, head of growth at Balancer, an automated market maker, believes that additional risks lie in the complexity of blockchain bridges, telling Cointelegraph that “Cross-chain bridges come with several significant risks. Security is one of the biggest risks; due to the complexity and difficulty of implementing cross-chain bridges, they’re prone to errors and vulnerabilities that malicious actors can exploit to steal assets or perform other malicious actions.”
Musighi also noted that scalability issues pose further risks for the bridging process, stating, “Another risk is scalability, as cross-chain bridges may not be able to…
cointelegraph.com