Over $2.5 billion was stolen in cross-chain crypto bridge hacks from 2021 to 2022, according to a report by Token Terminal. But, despite several attem
Over $2.5 billion was stolen in cross-chain crypto bridge hacks from 2021 to 2022, according to a report by Token Terminal. But, despite several attempts by developers to improve bridge security, a debate from December 2022 to January 2023 on the Uniswap DAO forums has laid bare security weaknesses that continue to exist in blockchain bridges.
In the past, bridges like Ronin and Horizon used multisig wallets to ensure that only bridge validators could authorize withdrawals. For example, Ronin required five out of nine signatures to withdraw, whereas Horizon required two out of five. But attackers figured out how to circumvent these systems and withdrew millions of dollars worth of crypto, leaving users of these bridges with unbacked tokens.
After these multisig bridges were hacked, developers started turning to more sophisticated protocols like Celer, LayerZero and Wormhole, which claimed to be more secure.
But in December 2022, Uniswap DAO began discussing deploying Uniswap v3 to the BNB Chain. In the process, the decentralized autonomous organization (DAO) had to decide which bridge protocol would be used for cross-chain Uniswap governance. In the discussion that followed, the security of each solution was challenged by critics, leaving some observers to conclude that no single bridge solution was secure enough for Uniswap’s purposes.
As a result, some participants concluded that only a multibridge solution can secure crypto assets in the cross-chain environment of crypto today.
Over $10 billion of crypto assets are currently locked on bridges as of Feb. 15, according to DefiLlama, making the issue of bridge security an urgent one.
How blockchain bridges work
Blockchain bridges enable two or more blockchains to share data with each other, such as cryptocurrency. For example, a bridge may enable USD Coin (USDC) to be sent from Ethereum to BNB Chain or Trader Joe (JOE) from Avalanche to Harmony.
But each blockchain network has its own architecture and database, separate from others. So in a literal sense, no coin can be sent from one network to another.
To get around this problem, bridges lock coins on one network and mint copies of them on another. When the user wants to “move” their coins back to the original network, the bridge then burns the copies and unlocks the original coins. Although this doesn’t move coins between networks, it’s similar enough to suit the purposes of most crypto users.
However, the problem arises when an attacker can either mint unbacked coins on the receiving chain or withdraw coins on the sending chain without burning its copies. Either way, this results in the receiving chain having extra coins that are not backed by anything. This is exactly what happened in the Ronin and Horizon hacks of 2022.
Ronin and Horizon: When bridging goes wrong
Ronin bridge was a protocol that allowed Axie Infinity players to move coins between Ethereum and the Ronin sidechain to play the game.
The Ethereum contracts for the bridge had a function called “withdrawERC20For,” which allowed Ronin validators to withdraw tokens on Ethereum and give them to the user, with or without burning them on Ronin. However, the Ronin software that validators ran was programmed only to call this function if the corresponding coins on Ronin had been burned. Calling the function required signatures from five out of the nine validator nodes, preventing an attacker from withdrawing the funds even if they got control of a single node.
To further ensure that the funds couldn’t be stolen, Axie Infinity developer Sky Mavis distributed the majority of validator keys to other stakeholders, including Axie DAO. This meant that if Sky Mavis’s computers were taken over, the attacker still wouldn’t be able to withdraw coins without their backing since the attacker would only have four keys.
But despite these precautions, an attacker could still obtain all four of Sky Mavis’ keys, plus a fifth signature from Axie DAO to withdraw over $600 million worth of crypto from the bridge.
Recent: SEC vs. Kraken: A one-off or opening salvo in an assault on crypto?
Sky Mavis has since reimbursed victims of the attack and has relaunched the bridge with what the developers call a “circuit breaker” system that halts large or suspicious withdrawals.
A similar attack happened to the Harmony Horizon Bridge on June 24, 2022. This bridge allowed users to transfer assets from Ethereum to Harmony and back again. The “unlockTokens” (withdraw) function could only be called if two out of five signatures from the Harmony team authorized it. The private keys that could produce these signatures were encrypted and stored using a key management service. But through some unknown method, the attacker was able to gain and decrypt two of the keys, allowing them to withdraw $100 million of crypto from the Ethereum side of the bridge.
The Harmony team proposed a reimbursement plan in August 2022 and relaunched the bridge using LayerZero.
After…
cointelegraph.com