There’s a reason bridges are more important than the average stretch of road – and why holes are more dangerous. As the world of cryptocurrency has become more complex, more and more transactions rely on so-called crypto bridges that allow transactions involving a wide range of tokens. In June, hackers looted around $100 million from the Horizon crypto bridge. Even before this hack, the money stolen from the bridges had exceeded $1 billion, a stark reminder that just because something is useful, fast and cheap doesn’t mean it’s safe.
1. What is a cryptographic bridge?
A platform that allows tokens designed for one blockchain – the digital ledger that records and verifies transactions made using that token – to be used on another. Bridges were not needed in early cryptography. 13 years ago, there was only the Bitcoin blockchain. Today, there are thousands of blockchains, each with their own advantages – such as lower transaction fees – and with their own army of applications, ranging from non-fungible token (NFT) marketplaces to crypto exchanges. decentralized. Growing interest in DeFi, in which users often seek to lend or exchange a variety of currencies, has increased the need for mechanisms to bridge the gap between blockchains. More and more investors are looking to jump between channels to earn returns or buy art. Someone with Ether tokens may want to access blockchains that have lower “gas” or transaction fees than Ethereum, like Solana, to buy NFTs, or Polygon to play games, for example. .
2. How do crypto bridges work?
Most often using so-called wrapped parts. These are tokens that are meant to function as an individual representation of the value of other currencies, similar to stablecoins. Just as a stablecoin like Tether fixes the value of a single token at $1, a wrapped Ether token is worth what a single Ether (the currency of the Ethereum blockchain) is worth. Bridges typically use so-called smart contracts to automatically convert a user’s currency into a wrapped token that can be used on another blockchain. But if the underlying Ether deposited with a bridge is stolen, the wrapped Ether becomes worthless.
3. How big is the problem with bridges?
Nearly $12 billion is locked in Ethereum bridges, according to data from Dune Analytics. On March 23, the Ronin Bridge, which is connected to the popular online game Axie Infinity, was attacked, with the hacker stealing 173,600 Ether and 25.5 million USDC tokens in two transactions, for a total of around 600 million. of dollars. In February, hackers stole around $300 million from Wormhole, a bridge connecting Ethereum to the Solana blockchain. That same month, the Meter Passport bridge was hacked for several million dollars worth of crypto. In January, Qubit Finance, a project that enables cross-chain functionality, was hacked.
4. Why are bridges so vulnerable?
It’s not just hacks. Bridges have proven vulnerable to other unique issues. In 2021, the Optics bridge on the Celo network saw its bridge development team effectively lose control of the project. It can be difficult to determine what is wrong or who is responsible for the design or operation of a particular bridge. Developers can be anonymous, and the names of validators — a handful of computers that secure the bridge’s transactions — can be deliberately kept secret. Many are run by organizations with few security personnel – it can take days for a problem to even be discovered. In Ronin, the theft was not discovered until six days later.
5. What does this mean for crypto users?
They should be aware that security remains a widespread problem. Luckily for Wormhole users, its sponsor Jump Crypto ended up covering the bridge’s losses. Axie Infinity creator Sky Mavis said it will reboot the deck and refund users at the end of June. But such compensation is not guaranteed and should not be expected every time. Ethereum co-founder Vitalik Buterin said in January that bridges are insecure and that users should keep tokens only on the blockchains they are native to to stay safe.
• A Bloomberg News article on the wave of bridge hacks.
• An interview with the president of Jump Trading on the company’s response to a $325 million bridge robbery.
• Dune Analytics page on bridges.
• Explanations on Coindesk.com and Coinmarketcap.com bridges.
More stories like this are available at bloomberg.com