After the bear market, another sword of Damocles hangs over the future of the crypto sphere: hacks. Although they represent a very small proportion of the sector’s overall transaction volume, their resurgence in recent months is becoming worrying.
Ronin, Wormhole, Beanstalk, Harmony Bridge: the victims of hacks in the cryptocurrency universe have been numerous this year. While the funds stolen by hackers in 2021 represented nearly 3 billion, this year’s hacks already amount to 2.89 billion dollars in just 7 months, according to a Chainalysis report.
This week, on Monday, a flaw in Nomad’s bridge smart contract let nearly $190 million drain out of the bridge. Two days later, hackers took $8 million from Phantom and Slope, two protocols native to the Solana network.
Cross-chain bridges: a sector particularly targeted by hacks
According to the investigative firm’s report, cross-chain bridges suffered the greatest number of hacks in 2022. They account for 69% of the total funds stolen in the crypto sphere, i.e. nearly 2 billion dollars of losses for the sector.
Chainalysis links the vulnerability of cross-chain bridges to their “central point of storage”:
“Bridges are an attractive target because they often feature a central fund storage point that secures the “bridged” assets on the receiving blockchain. Regardless of how those funds are stored — locked up in a smart contract or in a centralized custodian — that point of storage becomes a target.”
This is what the report states.
In his long argument against cross-chain bridges, Vitalik Buterin, for his part, points to a security problem that arises when assets are transferred from one blockchain to another. He illustrated his point with this example:
“Now imagine what happens if you move 100 ETH across a bridge on Solana to get 100 Solana-WETH, and then Ethereum is 51% attacked. The attacker deposited a bunch of his own ETH into Solana-WETH, then reversed that transaction on the Ethereum side as soon as the Solana side confirmed it. The Solana-WETH contract is now no longer fully collateralized, and perhaps your 100 Solana-WETH is only worth 60 ETH. Even if there is a perfect ZK-SNARK based bridge that fully validates the consensus, it is still vulnerable to being stolen by 51% attacks like this.”
What solutions to consider?
The co-founder of Ethereum has a fairly strong opinion on cross-chain bridges. According to Vitalik, they should not be part of the future of cryptocurrencies. Chainalysis is less categorical and invites the companies behind these protocols, as well as others in the crypto sphere, to adopt two sets of measures to avoid hacks.
First, the investigative firm urges companies to invest in training and security measures. It said in the report:
“For example, with North Korean hackers in particular, sophisticated social engineering tactics that leverage the trust and recklessness of human nature to gain access to corporate networks have long been a privileged attack vector. The teams must be trained in these risks and these warning signs.”
Second, Chainalysis advises companies to react quickly after a hack:
“If a service is under attack, time is precious. Tracking and tagging funds immediately in the Chainalysis platform can make the difference in preventing bad actors from cashing out their ill-gotten gains.”