In our first blog in the Interoperability series, we discussed why the future of blockchains belongs to a Crosschain world and the need for Interoperability. In the following two blogs (Part 1 and Part 2), we talked about the different categories of crosschain solutions and the various means of validating messages on bridges. Different bridges use different validation mechanisms, but bridge security ultimately determines the safety of the tokens transferred. Poor bridge security can result in a hack and loss of user funds. In this article, we’ll explore why and how bridges break.
According to the blockchain data platform Chainalysis, almost $2 billion has been stolen from bridges over the past two years, with close to 15 incidents reported. The Chainalysis data shows that bridge hacks made up a significant proportion of the total funds stolen in DeFi in 2022, amounting to an alarming 69% of the total.
There are 3 core reasons for this:
- The technology is nascent: Bridges connect various L1 and L2 scaling solutions with new technologies, and as we experiment with different bridge models, some may be vulnerable to hacks. Over time, secure design patterns will be established, technology will become more reliable, and this issue will be largely resolved.
- The attack surface area is large: Bridges connecting multiple blockchains create a larger attack surface, especially for newer and less secure blockchains, making them more vulnerable to malicious actors.
- There is a lot of value at stake: As DeFi participants increasingly move funds across different chains to pursue yields, bridge usage is projected to grow. With Ethereum's Layer-2 ecosystem and multi-L1-chains, bridges present a lucrative target for exploiters.
Three main pillars of Bridge Security:
To understand how bridges break, we need to focus on the three main pillars of bridge security. Each pillar can be attacked in multiple ways. Let’s dive into the three pillars and how each can be compromised.
- Economic Security: The cost of corrupting a system by gaining control of a majority of the validators varies, but the higher the cost, the greater the economic security. The fastest way to undermine economic security is to steal the private keys of the validators, also known as the signer keys. More money is typically lost due to hacks involving compromised signer keys.
- Implementation Security: The complexity of the implementation of one's system is of great importance, as an upgrade to the messaging layer for bug fixes, speed, or new technology can pose a risk to the security of bridges and dApps. The most common way of compromising Implementation Security is by finding Smart Contract Vulnerabilities. This has been the cause of many bridge hacks. Compromising the RPC endpoints that the bridge utilizes is another way to compromise the security of the system. To ensure the security of the Implementation, the code should be kept simple and extensible. This is the fundamental principle of coding.
- Environment Security: The question here is ‘How can your system prevent 51% attacks on the underlying domain?’ This is about maintaining the integrity of environments that hold very high economic value. One example of weak environment security would be connecting a less secure blockchain to a more secure one, such as Cardano to Ethereum. Cardano is probably easier to corrupt and censor than Ethereum, but the bridge would allow a malicious state on Cardano to be transferred to Ethereum and break the integrity of Ethereum. Another example of compromised environment security might be Re-Org Attacks. A message is initiated on the source chain and then completed on the destination chain, so we need to make sure that the source chain has reached finality before the message is completed.
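The finality requirement from the Environment Security bullet, as an added example (not code from the original article): a relayer-side gate that holds a message until its source block is final and discards it if a re-org replaced that block. `Message`, `SourceChainView` and the sample heights and hashes are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    msg_id: str
    block_number: int   # source-chain height where the message was emitted
    block_hash: str     # hash of that block as first observed by the relayer

@dataclass
class SourceChainView:
    """Constructed stand-in for a source-chain RPC client (hypothetical)."""
    canonical: dict     # height -> block hash on the current canonical chain
    finalized: int      # highest height the chain reports as final

def relay_decision(chain: SourceChainView, msg: Message) -> str:
    """Return 'relay', 'wait' or 'drop' for one observed message."""
    current = chain.canonical.get(msg.block_number)
    if current is None:
        return "wait"   # height is not on the canonical chain (yet)
    if current != msg.block_hash:
        return "drop"   # observed block was re-orged out of the chain
    if msg.block_number > chain.finalized:
        return "wait"   # block can still be reverted: do not complete
    return "relay"      # same block, now final: safe to complete

def triage(chain: SourceChainView, pending: list) -> dict:
    """Decide every pending message against the current chain view."""
    return {m.msg_id: relay_decision(chain, m) for m in pending}

# Constructed sample data: three messages observed by the relayer.
PENDING = [
    Message("m1", 100, "0xaaa"),
    Message("m2", 103, "0xbbb"),
    Message("m3", 105, "0xccc"),
]
# View 1: all three blocks exist, but only height 100 is final.
BEFORE = SourceChainView({100: "0xaaa", 103: "0xbbb", 105: "0xccc"}, finalized=100)
# View 2: a re-org replaced block 105, then finality advanced to 105.
AFTER = SourceChainView({100: "0xaaa", 103: "0xbbb", 105: "0xddd"}, finalized=105)

if __name__ == "__main__":
    print(triage(BEFORE, PENDING))
    print(triage(AFTER, PENDING))
```

Comparing the stored block hash, not just the height, is what catches the re-org: in the second view height 105 is final, but it is a different block from the one that carried `m3`.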
Out of the most expensive five hacks, three were due to inadequate Implementation Security and two due to inadequate Economic Security. Notably, none have been caused by compromised Environment Security so far.
In conclusion, it is clear that there are several reasons why bridges are the main target for attackers, and that there are multiple ways to exploit them. Depending on a bridge's economic security, implementation security, and environment security, hackers can start with the easiest attacks, such as stealing signer keys, and move on to more sophisticated ones, such as submitting fraudulent proofs and exploiting vulnerabilities in the code. Now that we know why and how bridges get hacked, in the next and final blog of the Interoperability series, we’ll discuss how to mitigate these exploits, how to respond after a hack has occurred, and we will dive into the risk assessment and scoring framework to compare bridge safety.
The Coinchange research team has written a long-form research report on Crosschain Interoperability and Security, which will be published in the next few weeks. In it, we do a deep dive into the various bridge security models and propose solutions for users to make the right choice while selecting a bridge for their transaction. So stay tuned for that; meanwhile, kick back and earn a yield on your crypto using Coinchange.