Crypto bridges hack techniques
Updated: Apr 14
Cross-chain bridges are tools that connect several blockchains with different architectures, allowing them to exchange data, information and cryptocurrency.
But how have bridges become the main target of hackers, and how do they specifically happen to these attacks?
Let’s find out together!
What is a cross-chain bridge?
A blockchain bridge is a protocol that connects two different blockchains and allows them to exchange information and tokens.
They are protocols that can put communication between two isolated blockchain ecosystems, facilitating interconnection between blockchains through transferring information, data and assets.
What is a cross-chain bridge hack?
A cross-chain bridge hack is a type of attack on a blockchain network that involves exploiting vulnerabilities in the protocol.
The attacker may exploit weaknesses in the bridge's code or use social engineering tactics to trick users into transferring their assets to the attacker's address instead of the intended recipient. This can result in the theft of users' assets or the manipulation of the value of the assets being transferred.
What is the largest bridge hack?
In 2022, hackers were able to drain billions of dollars from several cross-chain bridges, and they now account for about 70% of the total cyberattacks in the entire blockchain industry.
Ronin | $600 Million
Wormhole | $320 Million
Nomad | $200 Million
Harmony | $100 Million
BSC | $100 Million
Qubit | $80 Million
Why crypto bridge hacks are so frequent?
Cross-chain bridges are the most lucrative as well as vulnerable protocols in DeFi. Although these protocols are a sought-after target, they also tend to have many weak spots, which is why have appeal to hackers.
They are relatively “new tools” in the DeFi industry; they aren't as battle-tested as the oldest blockchains. If hackers have experience with blockchain coding - mostly Solidity and Rust languages- there's a chance they can find vulnerabilities and flaws in a smart contracts.
Moreover, some projects make their codes open source to promote transparency.
Open-source codes help build trust and make it easier for malicious actors to review, copy, or manipulate a bridge's software.
Lastly, since DeFi is largely unregulated and doesn't require KYC (Know Your Customer), it's easier for hackers to avoid legal repercussions.
How Blockchains can be hacked
When a bridge is under attack, different things can go wrong with these operations.
Usually, there are five parties involved in bridging operations executed by smart contracts:
The Custodian, the main chain, where assets are stored;
The Debt issuer; the other chain, where assets will release;
The Communicator; informs the Custodian to release the deposited assets (often an Oracle);
Custodian, Debt issuer and Communicator are the most vulnerable parties during a cross-chain bridge hack.
Concerning the custodian, the most common breaches can occur when:
The asset amount released for the burnt tokens is incorrect
The assets released despite the debt token not being burnt
Asset transaction replay for a single burn transaction
As regards the debt issuer, when:
The amount of debt issued to the deposited assets is incorrect
Debt token issued without the verification
Instead, problems with the communicator can occur when:
Issues debt tokens without any deposited assets
Accept fraudulent messages from a fake custodian or a debt issuer
Does not relay messages
The source contract does not emit events upon deposit/withdrawal
Other irregular activities could be 51%attack, the deposit from another account or executing any calls from any contract, and validators take over.
Frequently Asked Questions about Cross-chain bridges hacks
Is it possible to hack trust wallet?
Even if Trust wallet is one of the most secure wallets, it will be never 100% safe from hacks.
Is cross-bridge safe?
Cross-chain bridges are not 100% safe. Non-custodial bridges are exposed to attackers. Blockchain bridges have increasingly become the target of thefts, which have long plagued the crypto sector.
What is 51% rule in blockchain?
The 51% rule in blockchain refers to the amount of computing power or hashing power controlled by a single entity or group of entities in a blockchain network. If a single entity or group of entities control more than 50% of the computing power in a blockchain network, they are said to have a majority or 51% of the network's hashing power.
For all these reasons, cross-chain bridges are not completely unsafe but surely are the most vulnerable tools of the web3 ecosystem. While cross-chain bridges have the potential to promote interoperability between blockchains, creating secure ones remains the great challenge of the crypto industry.
Do you think that Hybrid Finance can reduce the vulnerability of DeFi?