Crypto bridges hack techniques

As we analyzed top cross-chain bridge hacks, 2022 is undoubtedly the year of malicious attacks on the world of decentralized finance and even more of the cross-chain bridges.

These bridges are tools that connect several blockchains with different architectures, allowing them to exchange data, information and cryptocurrency.

But how have bridges become the main target of hackers, and how do they specifically happen to these attacks?

Let’s find out together!

Why is crypto bridge hack so frequent?

In 2022, hackers were able to drain billions of dollars from several cross-chain bridges.

This blockchain research from Chainalysis estimates that crypto bridge hacks now account for about 70% of the total cyberattacks in the entire blockchain industry. Cross-chain bridges are the most lucrative as well as vulnerable protocols in DeFi.

Although these bridges are a sought-after target, they also tend to have many weak spots, which is why have appeal to hackers.

Cross-chain bridges are relatively “new tools” in the DeFi industry; they aren't as battle-tested as the oldest blockchains. If hackers have experience with blockchain coding - mostly Solidity and Rust languages- there's a chance they can find vulnerabilities and flaws in a bridge's smart contracts.

Moreover, some bridge projects make their codes open source to promote transparency.

Open-source codes help build trust and make it easier for malicious actors to review, copy, or manipulate a bridge's software.

Lastly, since DeFi is largely unregulated and doesn't require KYC (Know Your Customer), it's easier for bridge hackers to avoid legal repercussions.

Types of bridge attack

As we have said several times, bridges are tools that allow the communication and the swap of tokens between different networks.

When a bridge is under attack, different things can go wrong with these operations.

There are normally five parties involved in token swap operations executed by smart contracts:

• The Custodian, the main chain, where assets are stored;

• The Debt issuer; the other chain, where assets will release;

• The Communicator; informs the Custodian to release the deposited assets (often an Oracle);

• The Interface;

• The Network.

But the problems can be countless.

Custodian

Concerning the custodian, the most common breaches can occur when:

• the asset amount released for the burnt tokens is incorrect

• the assets released despite the debt token not being burnt

• asset transaction replay for a single burn transaction

Debt issuer

As regards the debt issuer, when:

• the amount of debt issued to the deposited assets is incorrect

• debt token issued without the verification

Communicator

Instead, problems with the communicator can occur when:

• issues debt tokens without any deposited assets

• accept fraudulent messages from a fake custodian or a debt issuer

• does not relay messages

• the source contract does not emit events upon deposit/withdrawal

Other irregular activities could be 51%attack, the deposit from another account or executing any calls from any contract.

Conclusion

For all these reasons, cross-chain bridges are not completely unsafe but surely are the most vulnerable tools of the web3 ecosystem. While cross-chain bridges have the potential to promote interoperability between blockchains, creating secure ones remains the great challenge of the crypto industry.

Do you know cross-chain bridges that have not suffered malicious attacks?

Do you think that Hybrid Finance can reduce the vulnerability of DeFi?

Let us know through our channels: Discord and Telegram.

Further readings:

• Definition and explanation about the 51% attack on the blockchain.