Cross-Chain Bridge Hacks

Medusa Protocol
3 min read · Oct 17, 2022


Attacks on blockchain ecosystems are one of the major concerns of investors, and the most targeted protocols are cross-chain bridges, which move assets from one blockchain to another. A bridge works by an individual depositing tokens on one chain and receiving wrapped tokens (sometimes called debt tokens, since they are a claim on the deposit) on the other chain. The deposit is held in custody until the individual burns the wrapped tokens on the destination chain, at which point the original tokens are released. Achieving this requires a custodian on the chain of origin, a communicator between the chains (usually a relayer or oracle that attests to what happened on the source chain) and a token issuer on the destination chain. There are therefore several points of trust in the bridging process, and each of these elements is a possible avenue of attack. Up to this article's date of writing, in 2022, six major exploits of cross-chain bridges have led to losses of around $1,417,000,000: Ronin Bridge, Wormhole Bridge, Nomad Bridge, BNB Chain, Harmony Protocol and Qubit Finance.

In simple terms, cross-chain bridge exploits can be split into three main kinds: fake deposits, signature verification bypass and validator majority attacks. A fake deposit is an attack on the custodian side of the bridge, made possible by a flaw in the logic of the smart contract that records deposits: the attacker gets the bridge to record a deposit that never actually took place, and the destination chain then mints tokens against it. This kind of attack hit both Qubit Finance and BNB Chain. The BNB Chain hack is the most recent, having happened on October 6, 2022. It targeted the BSC Token Hub, the bridge between the BNB Beacon Chain (the old Binance Chain) and the BNB Smart Chain (BSC). The attacker forged proof messages for deposits of non-existent tokens on the BNB Beacon Chain, which resulted in the minting of 2 million BNB (nearly $570 million). Thanks to the fast response of the BNB Chain validators, who halted the chain, only around $100 million could be moved off the chain before the rest was frozen.
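To make the lock-and-mint flow and the fake-deposit pattern concrete, here is an added Python model; it is an illustration written for this article, not the Qubit Finance or BSC Token Hub code. A custodian records deposits on the source chain, a relayer forwards the deposit events, and a minter on the destination chain issues wrapped tokens per event and burns them to release custody. The flaw it reproduces is the general shape of a fake deposit: a transfer that never moved value is still treated as a success (as an uninspected low-level EVM call to a codeless address is), so a deposit event is emitted with nothing behind it. All addresses, token names and balances are constructed.

```python
"""Lock-and-mint bridge model with a fake-deposit flaw and its fix.

Added illustration, not the Qubit Finance or BSC Token Hub code. Addresses,
token names and balances are constructed.
"""
from dataclasses import dataclass, field

ZERO = "0x" + "00" * 20     # EVM zero address: no contract code lives here
CUSTODY = "0xcustodian"     # constructed address of the custodian contract


@dataclass
class Token:
    """Toy ERC-20 holding balances only (assumption: the custodian is pre-approved)."""
    balances: dict = field(default_factory=dict)

    def transfer_from(self, src: str, dst: str, amount: int) -> None:
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount


@dataclass(frozen=True)
class DepositEvent:
    token: str
    depositor: str
    amount: int
    nonce: int      # unique per deposit so the minter can reject replays


class Custodian:
    """Source-chain contract. With checked=False, a deposit whose token address has
    no registered contract (such as ZERO) is treated as a successful transfer, the
    way an uninspected low-level EVM call to a codeless address reports success,
    so a Deposit event is emitted for value that never arrived."""

    def __init__(self, tokens: dict, checked: bool):
        self.tokens = tokens        # address -> Token (registered tokens)
        self.checked = checked
        self.events = []
        self.nonce = 0

    def deposit(self, token: str, depositor: str, amount: int) -> DepositEvent:
        if self.checked:
            # Fix: refuse unregistered tokens and require the custody balance to move.
            if token not in self.tokens:
                raise ValueError("token not registered")
            before = self.tokens[token].balances.get(CUSTODY, 0)
            self.tokens[token].transfer_from(depositor, CUSTODY, amount)
            if self.tokens[token].balances[CUSTODY] - before != amount:
                raise ValueError("deposit not backed")
        elif token in self.tokens:
            self.tokens[token].transfer_from(depositor, CUSTODY, amount)
        # checked=False with an unknown token: the "transfer" silently did nothing.
        ev = DepositEvent(token, depositor, amount, self.nonce)
        self.nonce += 1
        self.events.append(ev)
        return ev

    def release(self, token: str, to: str, amount: int) -> None:
        """Pays out from custody after the minter reports a burn."""
        if token not in self.tokens:
            raise ValueError("nothing in custody for this token")
        self.tokens[token].transfer_from(CUSTODY, to, amount)


class Minter:
    """Destination-chain contract that trusts relayed DepositEvents."""

    def __init__(self):
        self.wrapped = {}   # (token, holder) -> wrapped amount
        self.seen = set()   # consumed nonces

    def mint(self, ev: DepositEvent) -> None:
        if ev.nonce in self.seen:
            raise ValueError("replayed deposit event")
        self.seen.add(ev.nonce)
        key = (ev.token, ev.depositor)
        self.wrapped[key] = self.wrapped.get(key, 0) + ev.amount

    def burn(self, token: str, holder: str, amount: int) -> tuple:
        if self.wrapped.get((token, holder), 0) < amount:
            raise ValueError("insufficient wrapped balance")
        self.wrapped[(token, holder)] -= amount
        return (token, holder, amount)   # burn receipt relayed back to the custodian


def fake_deposit_mints(checked: bool) -> int:
    """Attacker 'deposits' 1,000,000 units of a token at the zero address and
    returns the wrapped amount the minter issues (0 once the custodian is fixed)."""
    custodian = Custodian({"0xusdc": Token({"0xattacker": 0})}, checked)
    minter = Minter()
    try:
        ev = custodian.deposit(ZERO, "0xattacker", 1_000_000)
    except ValueError:
        return 0
    minter.mint(ev)   # the minter cannot tell whether the event was backed
    return minter.wrapped[(ZERO, "0xattacker")]


def honest_round_trip() -> int:
    """Deposit, mint, burn part of it, release; returns the depositor's final balance."""
    usdc = Token({"0xalice": 500})
    custodian = Custodian({"0xusdc": usdc}, checked=True)
    minter = Minter()
    minter.mint(custodian.deposit("0xusdc", "0xalice", 500))
    custodian.release(*minter.burn("0xusdc", "0xalice", 200))
    return usdc.balances["0xalice"]   # 200 released, 300 still wrapped


if __name__ == "__main__":
    print("vulnerable custodian minted:", fake_deposit_mints(checked=False))
    print("hardened custodian minted:", fake_deposit_mints(checked=True))
    print("honest round trip balance:", honest_round_trip())
```

The minter has no view of the source chain; it can only check that an event is well-formed and not replayed. Whether a deposit is real is decided entirely by the custodian, which is why the fix lives there: refuse tokens the bridge does not know, and trust the custody balance delta rather than the return value of the transfer call.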

The next kind is the signature verification bypass. Transactions are verified by digital signatures: a wallet's private key signs the transaction, and the corresponding public key lets anyone verify that the holder of that key authorized it (more on private and public keys in the following technical article about cryptography). But if the smart contract relies on an outdated or incorrectly used verification function, it may not be able to tell whether the data it is checking is genuine. An attacker can then construct an input account holding malicious data that stands in for a valid signature check, bypass the verification step and produce the proof messages that cause free tokens to be minted. This is what happened in the Wormhole Bridge hack, where a deprecated Solana function let the verification read from an attacker-supplied account instead of the real one. Nomad's loss came from a related verification failure: an upgrade left a zero Merkle root marked as trusted, and since zero is also the stored root of any message that has never been proven, unproven messages passed the check.

The last kind is the validator majority attack. Like ordinary blockchains, some cross-chain bridges have a set of validators that vote to approve transfers. If an attacker controls a majority of those validators, they can approve any transaction, including withdrawing the assets the bridge holds in custody. The most infamous bridge hack was of this kind: on the Ronin Network, the attacker took control of five of the nine validator nodes of the ecosystem and stole $620 million. There is evidence that the North Korean Lazarus Group was behind the attack. The group obtained the private keys of the validator nodes, thereby compromising them, and later reports showed that the initial access came from an advanced spear-phishing attack. Note that once a majority of keys are in the attacker's hands, the bridge's own verification code cannot distinguish the fraudulent approvals from honest ones; the defense has to lie in key custody, validator independence and the signing threshold.

With that in mind, cross-chain bridges may not be the best solution for cross-chain interoperability, or at least not yet. In addition, Vitalik Buterin (Ethereum's co-founder) has written about why he is not optimistic about cross-chain applications because of the implications of possible 51% attacks (https://bit.ly/3gg4LGz).
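The following added Python example covers the two attestation-side attacks described above, the verification bypass and the validator majority attack, in one model; it is an illustration written for this article, not Wormhole's, Nomad's or Ronin's code. Per-validator HMAC-SHA256 tags stand in for digital signatures (assumption: the Python standard library has no ECDSA), and the verifier holds the validators' keys the way a bridge contract holds its validator set. The vulnerable verifier takes that set from caller-supplied input, analogous to trusting an account the attacker passes in, and also counts repeated signers; the correct verifier only consults its own registry. The withdrawal request, validator names and key material are constructed.

```python
"""Attestation checks on a bridge withdrawal: a bypassable verifier next to a
correct one, and what a correct verifier cannot stop when a majority of
validator keys is stolen.

Added illustration, not Wormhole's, Nomad's or Ronin's code. HMAC-SHA256 tags
stand in for digital signatures (assumption: no ECDSA in the standard library).
"""
import hashlib
import hmac
import json
import os

THRESHOLD = 5   # signatures needed to release custody (Ronin used 5 of 9)

# The bridge's own registry: validator id -> key. os.urandom stands in for key
# generation; constructed for this example.
VALIDATOR_KEYS = {f"validator{i}": os.urandom(32) for i in range(9)}


def sign(key: bytes, withdrawal: dict) -> bytes:
    """Tag a canonically serialised withdrawal request with one validator key."""
    canonical = json.dumps(withdrawal, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).digest()


def attest(withdrawal: dict, keys: dict) -> list:
    """Collect (validator id, tag) pairs from whoever holds `keys`."""
    return [(vid, sign(key, withdrawal)) for vid, key in keys.items()]


def verify_bypassable(withdrawal: dict, sigs: list, validator_keys: dict) -> bool:
    """VULNERABLE: the validator set comes from the caller's input, not from the
    contract's registry, and the same signer can be counted more than once."""
    good = 0
    for vid, tag in sigs:
        key = validator_keys.get(vid)
        if key is not None and hmac.compare_digest(sign(key, withdrawal), tag):
            good += 1
    return good >= THRESHOLD


def verify(withdrawal: dict, sigs: list) -> bool:
    """Correct check: only registered validators, each counted once."""
    counted = set()
    for vid, tag in sigs:
        key = VALIDATOR_KEYS.get(vid)
        if key is None or vid in counted:
            continue
        if hmac.compare_digest(sign(key, withdrawal), tag):
            counted.add(vid)
    return len(counted) >= THRESHOLD


# Constructed withdrawal request an attacker wants approved.
WITHDRAWAL = {"asset": "ETH", "amount": 1_000, "to": "0xattacker", "nonce": 7}


def bypass_with_forged_set() -> tuple:
    """Attacker generates their own 'validator' keys and hands that set to the
    verifier. Returns (bypassable verdict, correct verdict)."""
    forged = {f"validator{i}": os.urandom(32) for i in range(9)}
    sigs = attest(WITHDRAWAL, forged)
    return verify_bypassable(WITHDRAWAL, sigs, forged), verify(WITHDRAWAL, sigs)


def replay_one_signer() -> tuple:
    """One genuine signature repeated THRESHOLD times."""
    one = {"validator0": VALIDATOR_KEYS["validator0"]}
    sigs = attest(WITHDRAWAL, one) * THRESHOLD
    return verify_bypassable(WITHDRAWAL, sigs, VALIDATOR_KEYS), verify(WITHDRAWAL, sigs)


def majority_compromise(stolen: int) -> bool:
    """Attacker holds `stolen` genuine validator keys. The correct verifier
    accepts as soon as stolen >= THRESHOLD; it cannot tell the keys were stolen."""
    keys = dict(list(VALIDATOR_KEYS.items())[:stolen])
    return verify(WITHDRAWAL, attest(WITHDRAWAL, keys))


if __name__ == "__main__":
    print("forged validator set:", bypass_with_forged_set())
    print("one signer replayed:", replay_one_signer())
    print("4 keys stolen:", majority_compromise(4), "5 keys stolen:", majority_compromise(5))
```

The first two scenarios are code defects and are fixed inside `verify`: read the validator set from storage the caller cannot influence, and count each signer once. The third is not a code defect at all; with five of nine keys, `verify` is behaving exactly as designed, which is why a bridge's threshold and the operational separation of its validators matter as much as the contract logic.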


Written by Medusa Protocol

Web3 Venture Builder powered by crypto. Exploring promising DeFi opportunities within our ecosystem. Find us at medusaprotocol.com
