Bankless Times
Bridge Exploits Accounted for Over $2B Stolen From DeFi Funds in the Past Year

Nellius Mukuhi
January 31st, 2023
  • Cross-chain bridge exploits are on the rise.
  • In the last year, these exploits accounted for over $2B stolen from DeFi protocols.

DeFi protocols have gained much traction in recent years, and for good reason. They offer a comprehensive suite of financial services accessible to anyone with an Internet connection. However, one challenge these protocols face is the lack of interoperability between blockchains.

As these protocols span multiple blockchains, moving assets between them is difficult. This is where cross-chain bridges come in. By connecting different blockchains, cross-chain bridges support the seamless transfer of assets between them. In doing so, they play a vital role in the functioning of DeFi protocols and enable users to take full advantage of their benefits.

But despite their centrality to the DeFi sector, cross-chain bridges have an Achilles heel; they are susceptible to exploits. The bridges have come under attack from malicious actors looking to exploit vulnerabilities. BanklessTimes.com reports that over $2 billion has been stolen from DeFi protocols via bridge exploits in the past year.

Need For Improved Security

While this is a small fraction of the overall value locked in DeFi protocols, it highlights the need for improved security in this burgeoning sector. BanklessTimes CEO Jonathan Merry agrees with that assertion. He says that the trustless nature of DeFi protocols is behind the proliferation of such acts.

"DeFi bridge exploits are a real and present danger. The fact that there is no need for a third party makes cross-chain bridges attractive to criminals. If they can find a way to exploit the system, they can steal large amounts of digital assets with little risk of being caught. What we're seeing is the power of the decentralized internet coming to fruition. It's tough to secure something when you don't control all the pieces."
BanklessTimes CEO Jonathan Merry

Nevertheless, he's optimistic that developers in the DeFi space will find robust deterrents as the sector matures.

Why Are DeFi Platforms Vulnerable to Bridge Exploits?

So why are DeFi platforms vulnerable to these sorts of attacks?

A typical bridge exploit works like this: The hacker finds a vulnerability in the code of one blockchain that allows them to transfer funds out of that blockchain into another. They use this vulnerability to transfer funds from the target blockchain into a wallet they control.

Upon confirmation of receipt of funds, the hacker transfers them to another wallet or withdraws them, thus completing the exploit. DeFi platforms are vulnerable to bridge exploits because they rely on multiple blockchains for their operation.

These blockchains include the underlying blockchain and any sidechains that the DeFi platform uses. Since each operates independently, a hacker can find vulnerabilities in the smart contracts of either and exploit them to steal funds.

The Top Three Bridge Exploits of 2021 and 2022

In August 2021, Poly Network announced that it had fallen victim to exploits on the Binance, Ethereum, and Polygon networks. The attack sent shockwaves through the markets, as Poly Network became one of the largest protocol hacks at the time - with $600 million in total funds being stolen.

These stolen funds included ETH worth $273M, $253M in BSC tokens, and USDC amounting to $85M. The hacker would return the funds, insisting that he intended to highlight the network's security failings. He also declined a $500K bounty and the CSA position at the firm.

In March 2021, an attacker exploited the Ronin Bridge, an Ethereum-based sidechain for the popular blockchain game Axie Infinity. The attacker used hacked private keys to falsify withdrawals from the platform's smart contract, stealing nearly $600 million in ETH and USDC.

Binance suffered a major security breach on October 7th, 2022. Attackers exploited a flaw in the BNB Chain token that enabled them to mint 2 million tokens worth $569 million. Crypto-tracing firm Elliptic reported that they traded some of the tokens for ETH-based digital assets worth $53M. Binance temporarily shut down its blockchain, minimizing the loss.

What Can We Do to Mitigate Bridge Exploits?

To mitigate these exploits, all stakeholders in the DeFi sector need to work together to improve security. There are several things they can do towards that end.

  • Strengthening Cross-Chain Security Protocols

One of the most important things developers can do is strengthen their cross-chain bridges' security protocols. This includes implementing better authentication and authorization mechanisms and more robust encryption protocols.

  • Enhancing Due Diligence Practices

Stakeholders should also enhance their due diligence to ensure they only work with reputable and secure cross-chain bridging providers. In addition, auditors need to be more rigorous in their analysis of smart contracts and identify potential exploits before they happen.

  • Promoting Awareness and Education

Finally, stakeholders should promote awareness and education on cross-chain exploits among all users of blockchain ecosystems. This move will help them to be more vigilant about potential threats and take steps to protect their funds and data.

  • Improving Communication

Another critical step is to improve communication among stakeholders. This will help them share information about new threats and vulnerabilities so that they can be addressed quickly. That way, they can cooperate in developing standardized security measures for the DeFi sector.

Contributors

Nellius Mukuhi
Writer
Nellius is a cryptocurrency investor and journalist who has been in the nascent space since 2018. She is a seasoned writer who loves to travel and focuses on delivering relevant, valuable content for audiences.