Cross Chain Bridge Hacks in Crypto

Neither this post nor any other on cryptofal.com should be taken as financial advice. It is not.

The recent Ronin bridge hack, which resulted in the theft of more than $600 million, has highlighted the major security failures of cross-chain bridges. Coming shortly after the Wormhole heist, in which $325 million was stolen from a bridge between Ethereum and Solana, it further tarnishes the image of the crypto industry and does little to improve public opinion of crypto's user-friendliness.

While the increased popularity of crypto has been good for the space, it has also pushed companies into a race to build bridges quickly, without fully vetting their security. The rising demand for interoperability between blockchains has made otherwise secure protocols susceptible to hacks in the name of convenience. In little more than a year, more than $1 billion has been stolen across seven cross-chain bridge hacks. The questions now are how to transact safely between blockchains and what the future holds for cross-chain security.

The first issue with the Ronin bridge theft is that it took 6 days for the team to realize a significant amount of funds was missing. The weakness in their security lay in their use of a multi-signature system. Arjun Bhuptani, the founder of Connext, a non-custodial cross-chain protocol, pointed out that human error, rather than contracts or the protocol, caused this and other attacks. The Ronin bridge was exploited because the hacker(s) were able to find out who its validators were. They then used a remote procedure call (RPC) that should have been removed from the system to communicate with four of the nine validators of the multi-sig system. The four validators, compromised simultaneously, signed a false message, which was then used as authority to exit funds from the bridge.
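The failure described above is a concentration problem: several validator keys could be reached through one access path. The following added example (not part of the original post; the validator names, access paths and thresholds are constructed assumptions) audits a validator inventory for the fewest access paths whose compromise reaches the signing threshold, comparing a concentrated layout with a separated one.

```python
from itertools import combinations

# Constructed inventory (assumption, not data from the post): each validator
# maps to the access paths through which it can be made to sign.
SHARED = {f"val-{i}": {"operator-a", "legacy-rpc"} for i in range(1, 5)}
INDEPENDENT = {f"val-{i}": {f"operator-{i}"} for i in range(5, 10)}
CONCENTRATED = {**SHARED, **INDEPENDENT}
# Hardened layout: the shared path is removed and every key has its own operator.
SEPARATED = {f"val-{i}": {f"operator-{i}"} for i in range(1, 10)}


def signers_reachable(validators, compromised):
    """Validators that can be made to sign once any of their paths is compromised."""
    hit = set(compromised)
    return sorted(v for v, paths in validators.items() if paths & hit)


def smallest_breach(validators, threshold):
    """Fewest access paths whose compromise yields >= threshold signatures.

    Exhaustive search, which is fine for validator sets of this size.
    Returns (paths, signers), or None if the threshold cannot be reached.
    """
    domains = sorted(set().union(*validators.values()))
    for k in range(1, len(domains) + 1):
        for combo in combinations(domains, k):
            signers = signers_reachable(validators, combo)
            if len(signers) >= threshold:
                return combo, signers
    return None


def report(name, validators, threshold):
    """One-line summary of the audit result for a layout."""
    breach = smallest_breach(validators, threshold)
    if breach is None:
        return f"{name}: threshold {threshold} unreachable"
    paths, signers = breach
    return (f"{name}: {len(paths)} compromised path(s) {list(paths)} "
            f"yield {len(signers)}/{len(validators)} signatures")


if __name__ == "__main__":
    for threshold in (4, 5):  # hypothetical thresholds; the post does not state one
        print(report("concentrated", CONCENTRATED, threshold))
        print(report("separated", SEPARATED, threshold))
```

A result of one or two paths against a nine-validator set means the multi-sig offers far less independence than its validator count suggests.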

Hacks like these, as thefts become more commonplace, damage the image of crypto and make the space less appealing to the mainstream investor. A major concern of governments, and a strong motivation behind recent calls for oversight, is security and predation. However, the involvement of the government in tracking down hackers and recovering funds, most famously in the Bitfinex theft, shows that the government is not ill-prepared to combat these crimes.

In fact, the exposure of vulnerabilities in cross-chain bridges is what will improve the overall security of transactions, but it is important to keep in mind that a protocol is only as good as the bridge that connects it.
