According to crypto analytics firm DefiLlama, bridge protocols are ranked third in terms of total value locked (TVL) after decentralized exchanges (DEX) and lending protocols. There are just 30 bridges currently yet they command over $10 billion in TVL. Despite the prevalence of bridges, it has come under scathing attacks. The Ronin bridge behind the popular Axie Infinity game was exploited for a whopping $625 million making it one of the largest decentralized finance (DeFi) hacks till date. In June, Harmony One’s Horizon Bridge lost over $100 million in an attack. In August, another $200 million was lost from the Nomad Bridge as a consequence of an exploit of a vulnerability in its smart contracts.
In this article, we will try to understand what bridges are and why they are prone to attacks in the crypto ecosystem.
Bridges are protocols that bridge tokens from one network to another. Say an investor needs to transfer BTC from the Bitcoin network to Ethereum (ETH) network. One of the primary reasons why such a need arises can be the lack of DeFi apps or smart contracts on the Bitcoin network. But these assets are not compatible with each other. Here’s where bridges come in. Bridges are tools that allow the creation of synthetic derivatives that represent an asset from another blockchain. In this case, BTC is converted to WBTC with W standing for Wrapped, according to the ERC-20 token standard that’s compatible on Ethereum network.
While the security risks associated with a validator (like BitGo) is implicit given its centralized nature, cross chain bridge protocols on the other hand with decentralized design like Ronin bridge were considered to be safe and robust. But it was proven wrong as the Ronin protocol, which is the Ethereum sidechain created for the game of Axie Infinity, was hacked using a security exploit. To put it simply, the security limits of cross chain bridges are fundamentally limited.
Bridges can be classified into two main groups: trusted and trustless. Trusted platforms are platforms that rely on third parties to validate transactions while acting as custodians of the bridged assets. On the other hand, platforms that rely purely on smart contracts and algorithms to store custody assets are referred to as trustless bridges.
Both trusted and trustless approaches can have fundamental or technical weaknesses. To be more precise, the centralization facet of a trusted bridge presents a basic flaw, and trustless bridges are vulnerable to exploits that stem from the underlying code. Simply, if there is a flaw in the smart contract, it is almost certain that parties with malicious intentions will attempt to exploit it.
A crucial first step towards addressing the security issues on blockchain bridges can be an extremely rigorous source code audit before deploying the bridge on the blockchain. This must be a ground-up check to minimize any flaws whatsoever, because all it takes is one bad line of code and hackers will be at the doorstep.
Due to that, it is important for users to do their due diligence before connecting with any bridging ecosystem.
We have launched Cryptogram, an India-focused free weekly newsletter on blockchain tech, global crypto markets, and Web 3.0 technologies which promise to change our future. If you would like to subscribe to this newsletter, click here. You can read our past editions here. Also, check out our website here.
Use promocode TNM51 at www.giottus.com/profile#promo after registration to get Rs.51 worth free Bitcoin.
Disclaimer: This article was authored by Giottus Crypto Exchange as a part of a paid partnership with The News Minute. Crypto-asset or cryptocurrency investments are subject to market risks such as volatility and have no guaranteed returns. Please do your own research before investing and seek independent legal/financial advice if you are unsure about the investments.