In the evolution towards a full multi-chain future, bridges remain more vulnerable to hacks than cryptocurrency networks themselves. In 2022 alone, over $2 billion in assets was stolen from token bridge exploits. The worst part is that they could have all been avoided by employing multiple security measures.
Through examining some of 2022’s attacks, we can better understand some of the major flaws in the system and the individual security measures that exist or are being developed to protect against them.
Social engineering attacks are the most common form of security breaches. Everyone has been subject to a social engineering attack at some point in their lives – either through phishing or honey traps, where “too-good-to-be-true offers” are promised in exchange for personal information.
Martin Köppelmann is co-founder of Gnosis.
Hackers in the biggest bridge exploit of 2022 relied on similar methods to siphon funds. The blockchain of the high-profile crypto game Axie Infinity was hacked with a phishing scheme that involved fake LinkedIn job offers.
The game’s developer, Sky Mavis, said its employees were targeted with fake job offers and even asked to appear for multiple rounds of job interviews. When the employees took the bait, hackers accessed their systems and made off with $625 million from the Sky Mavis’ Ronin Network. During a postmortem analysis of what went wrong, Sky Mavis said it had been the victim of advanced spear-phishing attacks.
Compromised private keys
In September 2022, Wintermute, an algorithmic market maker, was hacked for $160 million, likely due to a weakness in private keys generated by the Profanity app.
The hot wallet’s private key was exploited and used to drain the funds. Reports said flaws were previously detected in Profanity’s addresses, but the company didn’t take these reports seriously.
A similar reason was reported behind the hack of Slope, resulting in a loss of $6 million for the company.
Smart contract bugs
Smart contracts are programs stored in a blockchain set to trigger when certain predetermined conditions are met. In terms of e-commerce, for instance, it’s what confirms to a website that an item should be delivered once you’ve added it to your basket and paid for it. A bug in a smart contract can thus allow hackers to illegitimately trigger the transfer of money between blockchains without fulfilling any conditions.
In the case of Nomad, hackers were able to drain nearly $200 million from the bridge by discovering a misconfiguration in the primary smart contract which allowed anyone with a basic understanding of the code to withdraw funds.
That these bugs and security flaws were so blatantly exploited by hackers is a worrying thought, yet what’s more troubling still is that the ‘trusted’ systems that people didn't think about using were so easily exploitable.
The solution: multiple security measures
Bridge standards are sets of rules that define how different blockchain networks can communicate with each other, in this case, through a cross-chain bridge. While some of these protocols, by themselves, are at risk of exploitation, when put together they add much-needed additional layers of security.
By using multiple bridge standards at the same time, developers can offset weaknesses displayed in one protocol with the use of another protocol. Let’s look at some cryptographic standards that could be used in combination to add additional layers of security.
Multi-sig and committee
Multi-sig technology requires the signature or approval of multiple parties before a transaction can be executed. It can prevent unauthorized access to networks and ensure that no single party has complete control.
A committee bridge standard uses a group of trusted entities, or a committee, to manage the security of a network bridge. Members are responsible for approving and overseeing network transactions. Committees are beneficial when multiple organizations share access to a network.
Zero Knowledge (ZK) is a cryptographic technique that allows two parties to exchange information with each other without the need to reveal any additional information beyond what is absolutely required.
The integration of ZK models eliminates the need for the committee model by allowing developers to utilize light clients on-chain. By using Zero Knowledge Proof systems and specifically the “Succinctness” property of a ZK-SNARK, it is possible to efficiently perform this verification process using on-chain light clients. It is also possible to verify both state transitions and consensus on-chain for maximum security, similar to running a full node.
To do this, the on-chain light client uses ZKP systems to prove that the state of the source chain is valid. This is done by generating a proof that can be verified by the target chain without needing to know the entire state of the source chain. The use of on-chain light clients can help to improve the security and scalability of blockchains. By verifying the state of the source chain on the target chain, the target chain can be more confident that the state of the source chain is accurate. This can help to prevent fraud and other malicious activities while still working to scale the network. As a practical example, ZK can be used to prove that a transaction has been authorized by the owner of a particular wallet without revealing the private key.
Some bridges use an ‘optimistic’ approach to transaction verification wherein rather than immediately verifying each transaction on the target blockchain, optimistic bridges assume that each transaction is valid and then incentivize additional participants to point out fraudulent transactions for a reward. The funds are only cleared after this challenge period has lapsed. This means that optimistic bridges are game-theoretically secure, but not mathematically secure -- they rely on third parties to pay attention to what is happening. All of this is often abstracted away from the user through additional liquidity providers who independently check the veracity of the bridge claims and make the funds immediately available on the other chain against a fee of a few basis points.
Optimistic bridges can still be quite secure even though they do not immediately verify each transaction. This is because they use the "challenge and dispute" method; if a user believes that a transaction has been processed incorrectly, they can challenge the transaction and the bridge will investigate.
Challenges of implementing multiple bridge standards
When all is said and done, the best security is achieved by using a combination of standards. This way, if one bridge implementation experiences a bug or a security weakness, the other standards can still protect the network.
It should be noted that of course bridges still rely on the consensus mechanisms of the connecting networks. A bridge can never be more secure than the networks it connects.
Securely accessing a multi-chain world
Bridges are necessary to provide unfettered access to our multi-chain world, but we have to fortify these bridges in inventive ways to reduce points of attack. Blockchain technology is custom-built to allow strangers to come together and make direct, immutable decisions and the more we focus on utilizing the entire scope of the networks at our disposal the stronger our bridges will become.