Blockchain Bridge Security In Question: Hackers Steal $2.5B

A recent report by Token Terminal revealed that Blockchain bridge hacks resulted in over $2.5b stolen between 2021 and 2022. Despite attempts by developers to improve bridge security, a debate in December 2022 on the Uniswap DAO forums showed that security weaknesses still exist.

Past bridges such as Ronin and Horizon used multi-sig wallets to prevent unauthorized withdrawals. Moreover,  attackers found ways to circumvent the system, leaving users with unbacked tokens.

Developers have turned to more sophisticated protocols like Celer, LayerZero, and Wormhole. Therefore, during a recent discussion on Uniswap governance across different blockchain networks. It became clear that no single solution is sufficiently secure to protect crypto assets.

The consensus was that only a multibridge approach can provide the necessary level of security. According to DefiLlama, as of February 15th, the total amount of crypto assets locked on bridges has surpassed $10 billion.

Blockchain bridges enable data exchange between two or more blockchains, such as cryptocurrency. However, each blockchain network has its own architecture and database. So bridges lock coins on one network and mint copies on another. The bridge burns the copies and unlocks the original coins when users move their coins back to the original network.

The Rise & Fall of Blockchain Bridges

In 2022, the Ronin and Horizon hacks raised concerns about attackers minting unbacked coins or withdrawing coins without burning their copies. This results in extra coins that are not backed by anything on the receiving chain.

Axie Infinity players used the Ronin bridge to move coins between Ethereum and the Ronin sidechain. However, an attacker obtained all four of Sky Mavis’ keys and a fifth signature from Axie DAO to withdraw over $600M worth of crypto despite precautions like five out of nine validator node signatures.

Similarly, the Harmony Horizon Bridge allowed users to transfer assets between Ethereum and Harmony. Still, an attacker could withdraw $100 million of crypto from the Ethereum side of the bridge after gaining and decrypting two keys.

Related Reading | Ethereum In The Crosshairs: SEC Chair’s Changing Perspective On Crypto Securities

To improve security, developers focus on bridging protocols that can be customized or implemented for specific needs. LayerZero, for example, verifies that coins are locked on the original chain before minting on the destination chain using two servers.

However, Uniswap DAO’s discussion underscores the need for a multibridge solution to secure crypto assets in a cross-chain environment.