top of page
Yanda logo
Writer's pictureFrancesco Greco

Crypto bridges hack techniques

Updated: Apr 14, 2023


"Crypto bridges hack techniques" article cover

Cross-chain bridges are tools that connect several blockchains with different architectures, allowing them to exchange data, information and cryptocurrency.


But how have bridges become the main target of hackers, and how do they specifically happen to these attacks?


Let’s find out together!


 

What is a cross-chain bridge?


A blockchain bridge is a protocol that connects two different blockchains and allows them to exchange information and tokens.


They are protocols that can put communication between two isolated blockchain ecosystems, facilitating interconnection between blockchains through transferring information, data and assets.


 

What is a cross-chain bridge hack?


A cross-chain bridge hack is a type of attack on a blockchain network that involves exploiting vulnerabilities in the protocol.


The attacker may exploit weaknesses in the bridge's code or use social engineering tactics to trick users into transferring their assets to the attacker's address instead of the intended recipient. This can result in the theft of users' assets or the manipulation of the value of the assets being transferred.


 

What is the largest bridge hack?


In 2022, hackers were able to drain billions of dollars from several cross-chain bridges, and they now account for about 70% of the total cyberattacks in the entire blockchain industry.



  1. Ronin | $600 Million

  2. Wormhole | $320 Million

  3. Nomad | $200 Million

  4. Harmony | $100 Million

  5. BSC | $100 Million

  6. Qubit | $80 Million


 

Why crypto bridge hacks are so frequent?


Cross-chain bridges are the most lucrative as well as vulnerable protocols in DeFi. Although these protocols are a sought-after target, they also tend to have many weak spots, which is why have appeal to hackers.


They are relatively “new tools” in the DeFi industry; they aren't as battle-tested as the oldest blockchains. If hackers have experience with blockchain coding - mostly Solidity and Rust languages- there's a chance they can find vulnerabilities and flaws in a smart contracts.


Moreover, some projects make their codes open source to promote transparency.

Open-source codes help build trust and make it easier for malicious actors to review, copy, or manipulate a bridge's software.


Lastly, since DeFi is largely unregulated and doesn't require KYC (Know Your Customer), it's easier for hackers to avoid legal repercussions.


 

How Blockchains can be hacked


When a bridge is under attack, different things can go wrong with these operations.


Usually, there are five parties involved in bridging operations executed by smart contracts:

  • The Custodian, the main chain, where assets are stored;

  • The Debt issuer; the other chain, where assets will release;

  • The Communicator; informs the Custodian to release the deposited assets (often an Oracle);

  • The Interface;

  • The Network.

cyber keys representation

Custodian, Debt issuer and Communicator are the most vulnerable parties during a cross-chain bridge hack.


Custodian

Concerning the custodian, the most common breaches can occur when:

  • The asset amount released for the burnt tokens is incorrect

  • The assets released despite the debt token not being burnt

  • Asset transaction replay for a single burn transaction

Debt issuer

As regards the debt issuer, when:

  • The amount of debt issued to the deposited assets is incorrect

  • Debt token issued without the verification

Communicator

Instead, problems with the communicator can occur when:

  • Issues debt tokens without any deposited assets

  • Accept fraudulent messages from a fake custodian or a debt issuer

  • Does not relay messages

  • The source contract does not emit events upon deposit/withdrawal


Other irregular activities could be 51%attack, the deposit from another account or executing any calls from any contract, and validators take over.


 

Frequently Asked Questions about Cross-chain bridges hacks


Is it possible to hack trust wallet?

Even if Trust wallet is one of the most secure wallets, it will be never 100% safe from hacks.

Is cross-bridge safe?

What is 51% rule in blockchain?


 

Conclusion

For all these reasons, cross-chain bridges are not completely unsafe but surely are the most vulnerable tools of the web3 ecosystem. While cross-chain bridges have the potential to promote interoperability between blockchains, creating secure ones remains the great challenge of the crypto industry.



Let us know through our channels: Discord and Telegram.

81 views0 comments

Kommentare


bottom of page