Blockchain Bridges In Trouble

Another day, another hack, and another bridge on the blockchain is destroyed.

It was the eighth heist of 2022 to target Blockchain “bridges,” which are lines of code that assist transmit cryptocurrency money between different applications. The theft occurred last week when thieves stole an estimated $190 million from American crypto business Nomad.
According to statistics from London-based blockchain analysis company Elliptic, hackers have already stolen cryptocurrency worth over $1.2 billion from bridges this year, more than double the amount they did last year.
Ronghui Hu, an associate professor of computer science at Columbia University in New York and co-founder of the cybersecurity company CertiK, stated, “This is a conflict where the cybersecurity firm or the project can’t be the winner.”

“We have so many initiatives to safeguard. When they examine a project and discover no bugs, they (hackers) can just go on to the next one until they identify a weak spot.”

Currently, the majority of digital tokens operate on their own distinct blockchain, which functions as a kind of online ledger for cryptocurrency transactions. When initiatives using these coins get isolated, their chances of being widely used are decreased.
Blockchain bridges seek to topple these barriers. In “Web3,” the much-hyped vision of a digital future where cryptocurrency is integrated into online life and commerce, backers claim they will play a crucial role.

The Nomad hack ranked as the eighth-largest cryptocurrency theft ever. A $615 million theft from Ronin, which was utilized in a well-known online game, and a $320 million theft from Wormhole, which was used in so-called decentralized banking applications, are two other bridge thefts that have occurred this year.
According to Steve Bassi, co-founder and CEO of malware detector PolySwarm, “Blockchain bridges are the most fertile ground for new vulnerabilities.”

Support has been given to Nomad and other businesses who produce blockchain bridge software.

Nomad, situated in San Francisco, claimed to have received $22.4 million from investors just five days before being hacked, including prominent exchange Coinbase Global (COIN.O). Pranay Mohan, co-founder and CEO of Nomad, referred to its security methodology as the “gold standard.”

Advertisement

To monitor the stolen funds, it has stated that it is collaborating with law enforcement organizations and a blockchain analysis company. It announced a reward of up to 10% for the return of money stolen from the bridge late last week. It announced on Saturday that it had so far recovered more than $32 million of the funds stolen.

The restoration of bridging user cash is our first priority, and community is what matters most in cryptocurrencies, according to Mohan. “Any party that reimburses 90% or more of monies that were misused would be regarded as a “white hat.” White hats won’t be charged by us, “He claimed, making reference to purportedly moral hackers.
According to recent discussions with several blockchain and cyber security experts, bridges’ intricacy makes them potentially vulnerable points for projects and apps.

According to Ganesh Swami, CEO of blockchain data company Covalent in Vancouver, which had some cryptocurrency stored on Nomad’s bridge when it was hacked, “one reason why hackers have targeted these cross-chain bridges in recent times is because of the immense technical sophistication involved in creating these kinds of services.”

Some bridges, for instance, alter crypto coins to make them interoperable with various blockchains while keeping the original coins in reserve. Others rely on smart contracts, intricate agreements that automatically complete transactions.

All of these could have bugs or other weaknesses in the programming that could open the door to hackers.

So how should the issue be handled?

According to some experts, audits of smart contracts and “bug bounty” programs that reward open-sourced assessments of smart contract code could assist prevent cybercrimes.

Others argue that deconcentrating control over the bridges among fewer organizations would increase their resilience and code openness.

Advertisement

Because they frequently use a centralized infrastructure that typically locks up assets, cross-chain bridges are a tempting target for hackers, according to Victor Young, founder and chief architect of U.S. blockchain company Analog.