Vitalik’s Skepticism about Cross-Chain Bridges’ Security Was True
Earlier this year, Vitalik raised concerns about the safety of cross-chain bridges. He believes that multi-chain solutions are the future of blockchain technology. However, Buterin suggests that holding a blockchain’s native assets on that blockchain is safer than holding them on a non-native blockchain.
Hacks Have Followed Since Vitalik’s Warnings
Months later, a series of hacks over the course of this year has confirmed his concerns. From January 20th through August 2nd, there have been about 9 recorded hacks, all linked to cross-chain bridges.
On January 20th, a Multichain bridge was hacked. About three days after the flaw was discovered, hackers took advantage of the vulnerability in the cross-chain bridge Multichain. According to a report by the online magazine Vice, they took around $3 million in cryptocurrencies.
About a week later, the Qubit Finance bridge protocol lost a total of $80 million in a theft of 206,809 coins.
A number of events, some regrettable and some highlighting the fundamental flaws of cross-chain bridges, contributed to the April Ronin attack.
The terrible part is that the hackers seem to have used classic social engineering. In other words, they succeeded in phishing a Ronin employee for the private encryption keys needed to authenticate bridge transactions.
These hacks, alongside others such as the February 8th Meter bridge $4.4 million attack, the June 24th Harmony $100M attack, the July 11th ChainSwap bridge $4.4M hack and the recent August 2nd Nomad Bridge $200M smart contract hack, all demonstrate the vulnerabilities of blockchain bridges.
How Do These Hacks Occur?
When you lend cryptocurrency to a project like Aave or Compound, you give the protocol power over your money, so you think about risk. When you use a bridge, however, you give up control only for a short while, and as long as you get to the other side without any problems, you stop worrying about risk because you already have your money back. As a result, bridges end up holding an amount of capital that does not properly reflect how hazardous they are.
When you use a bridge, you end up with two tokens that have the same value. This is fine as long as one of the two is locked away and not accessible, but once the locked tokens are compromised, you suddenly have two tokens of equal value in circulation. One of those tokens then loses value because it is only a derivative, a receipt for the real token, much like a paper note for a genuine bar of gold, and this loss of value spreads to the entire blockchain ecosystem that depends on the derivative.
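The two-token accounting described above can be modeled as a small ledger that tracks locked tokens against the receipts issued for them. This is an added example, not code from any bridge named in this article; the class, function and holder names and all amounts are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class BridgeLedger:
    locked: int = 0  # native tokens held in the bridge vault on the source chain
    wrapped: dict = field(default_factory=dict)  # holder -> receipt tokens on the other chain

    def deposit(self, user, amount):
        """Lock native tokens and mint the same number of wrapped (receipt) tokens."""
        self.locked += amount
        self.wrapped[user] = self.wrapped.get(user, 0) + amount

    def redeem(self, user, amount):
        """Burn wrapped tokens and release the same number of native tokens."""
        if self.wrapped.get(user, 0) < amount:
            raise ValueError("insufficient wrapped balance")
        if self.locked < amount:
            raise RuntimeError("vault cannot cover redemption")
        self.wrapped[user] -= amount
        self.locked -= amount

    def wrapped_supply(self):
        return sum(self.wrapped.values())

    def backing_ratio(self):
        """Native tokens locked per wrapped token in circulation (1.0 = fully backed)."""
        supply = self.wrapped_supply()
        return 1.0 if supply == 0 else self.locked / supply

    def check(self):
        """Monitoring check: receipts must never outnumber the tokens locked behind them."""
        if self.locked >= self.wrapped_supply():
            return "OK"
        return "ALERT: wrapped supply exceeds locked collateral"


def simulate_compromise():
    """Constructed scenario: 1,000 tokens are bridged, then 800 leave the vault with no burn."""
    ledger = BridgeLedger()
    ledger.deposit("alice", 600)
    ledger.deposit("bob", 400)
    before = (ledger.backing_ratio(), ledger.check())
    ledger.locked -= 800  # models the compromise: released tokens, receipts still circulating
    after = (ledger.backing_ratio(), ledger.check())
    return before, after, ledger


if __name__ == "__main__":
    print(simulate_compromise()[:2])
```

After the simulated loss each receipt is backed by only 0.2 of a native token, and only the first holders to redeem get anything back, which is why the derivative loses value for everyone who holds it.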
As Vitalik argued, there is no way to stop bridges from being exploited maliciously against smaller blockchains: even if the bridge is perfectly coded, a 51 percent attack is always possible once the value in the bridge becomes worth stealing. Only a bridge that takes days or weeks to confirm could stop this from happening, and that kind of bridge won’t be used.