Cross Chain Bridge Hacks – Response to Axie 51% Attack
In the first three months of 2022, cross-chain bridge losses have risen to approximately $1.2 billion. In January, the Qubit bridge was hacked for $80 million. In February, the Wormhole bridge was hacked for $326 million exploiting weaknesses on the Solana signature portion of the smart contract. As recently as last week, the Ronin bridge lost $625 million in a 51% attack.
These significant hacks/attacks have resulted in a renewed discussion about the safety of the current cross-chain bridge solutions.
Despite the platforms agreeing to compensate users for their losses, the damage is done, and users are searching for answers to the security risk associated with this technology development. For those who aren’t aware, cross-chain bridges were created to transfer cryptocurrencies and NFTs between chains, allowing for increased interoperability, reducing costs, increasing liquidity, and providing expanded Defi opportunity/utility. The technology, although currently fragile, is a critical next step for user adoption due to the limitations of each independent protocol.
At the turn of the new year, Vitalik Buterin, founder of Ethereum, gave his stance on the dangers of this technology solution. Vitalik raises some valid arguments, stating the risks of a 51% attack precisely at the moment that one chain validates a wrapped transaction request from another chain leaving the newly wrapped asset unbacked. Of course, these outcomes are less likely when working with smaller figures, he states. A 51% attack is expensive and is not worth the risk and capital requirements when only small amounts are at stake. Once more significant amounts of value flood into the bridge ecosystem, there is a risk that attackers will be incentivized. There are mechanisms available that could increase the safety of these solutions such as third-party auditing of the core smart contracts and bug bounties for community led vulnerability discovery. However, these solutions are not complete fixes.
Currently, bridges are popular for locking large sums of cryptocurrencies into smart contracts to enable usage across protocols. Despite increasing liquidity and access to Defi, large values of cryptocurrencies will always be a draw for attackers regardless of the security implementations. It is, however, difficult to argue that the technology is not an essential function in the industry moving forward. Therefore, a key question we pose is what if the current primary use-case for cross-chain bridges differs from the future primary use-case?
There will always be vulnerabilities to find and exploit especially when large sums of money are involved. As such, a likely outcome is the increased utilization of NFT assets across chains.
At the moment, NFTs are primarily used for speculative artwork collections and gaming tokens, but soon, a more expansive list of use-cases currently in development will come to fruition. Whether the use case is ownership certifications, digital identities, utility-based NFTs, or access-based NFTs, the push away from using these bridges to merely transfer sums of value will decrease the incentive for the attackers/hackers. If the assets being transferred are not of high value but of utility, their desire to risk the capital to conduct such an attack reduces. In the near future, to create more market participation, users will require digital assets to be transferred across protocols to participate in different ecosystems. This shift could dictate the future of the cross-chain ecosystem and would benefit end-users greatly.
SOURCES
Aman Deol
http://NES.TECH/
http://finance.yahoo.com/news/crypto-hackers-stolen-173940395.html
http://old.reddit.com/r/ethereum/comments/rwojtk/ama_we_are_the_efs_research_team_pt_7_07_january/hrngyk8/
http://medium.com/coinmonks/cross-chain-bridge-protocol-why-it-always-attracts-hackers-b4afe09dbedf
http://www.certik.com/resources/blog/technology/cross-chain-bridge-attacks-explained