- So far this year, hackers have carried out 13 attacks on bridge service protocols between different blockchains.
- The attacks come at a high cost to companies like Nomad Bridge, which suffered an exploit this week, and undermine user confidence.
Blockchain analytics and data research firm Chainalysis believes that cross-chain bridging protocols have become the number one security risk to the crypto industry today.
Chainalysis estimates that, following the recent Nomad Bridge exploit, the amount lost to cryptocurrency theft in the 13 cross-chain bridge hacks that have taken place this year is as high as $2 billion.
Cross-chain bridging is a tool specially designed to solve interoperability issues between two blockchains at times when networks like Ethereum are congested. Bridging services allow users to transfer tokens and NFTs quickly, easily, and for lower fees.
Cross-chain bridge hacks make up 69% of all stolen cryptocurrency funds during 2022. “This represents a significant threat to building trust in blockchain technology,” Chainalysis stated. The firm’s analysts explain that the increase in traffic through interchain bridges has made such tools “more attractive victims for hackers.”
“That bridges are now a top target for North Korean-linked hackers, who–according to our estimates–have stolen approximately $1 billion worth of cryptocurrency so far this year, entirely from bridges and other DeFi protocols,” the report noted. According to Chainalysis, companies that provide these services can take appropriate measures to protect themselves: “In the event of a hack, they can leverage the transparency of blockchain technology to investigate the flow of funds and ideally prevent attackers from cashing out their ill-gotten gains.”
Why Are Chain Bridges So Vulnerable?
Bridges have allegedly become a very attractive target for hackers because they often have “a central storage point of funds that back the ‘bridged’ assets on the receiving blockchain.” Whether those funds are locked in a smart contract or held in the custody of a centralized operator, these storage points become priority targets for hackers.
Chainalysis outlined another reason: "effective bridge design is still an unresolved technical challenge, with many new models being developed and tested." They added that "these varying designs present novel attack vectors that may be exploited by bad actors as best practices are refined over time."
How Can the Industry Protect Itself?
The key is to invest in training and security measures for these platforms, an approach taken by centralized exchanges two years ago, when they were the targets most pursued by hackers. Chainalysis explains that this changed for two primary reasons: first, centralized exchanges started putting a higher priority on their security; second, hackers typically look to exploit newer, more vulnerable services in the industry.
The analytics firm also recommends implementing frequent, rigorous code audits, which "become the gold standard of DeFi, both for those building protocols and for the investors evaluating them." As more powerful and secure smart contracts are developed in the future, they may serve as templates for developers to build network protocols that are less vulnerable to hacks.