cross-chain bridges

Blockchains need an interoperable standard to evolve, say crypto execs

Blockchains will need interoperability like computers need an internet connection to transfer data and value, a Chainlink Labs executive says.

Blockchain technology needs a benchmark communications standard that can be easily integrated by every network in order for a complete transition from Web2 to Web3 to occur, industry commentators say.

Many expect there will be multiple blockchains and such an ecosystem requires communication protocols similar to the Transmission Control Protocol/Internet Protocol (TCP/IP) used on the internet.

Ryan Lovell, director of capital markets at crypto price oracle solutions firm Chainlink Labs, told Cointelegraph that blockchains will need interoperability similar to how computers need the internet to transfer data and value across networks:

“To realize a fully interoperable blockchain ecosystem at scale, there needs to be an open communication standard analogous to the TCP/IP, which currently serves as the internet’s de facto connection protocol.”

Lovell believed a similar standard for blockchain networks would “pave the way for a seamless, internet-like experience” for the platforms and their applications.

This is particularly important given that the last bull market saw a host of new layer-1 blockchains make their mark. However, nearly all of them operate in isolation from one another.

Lovell stressed that blockchain interoperability is “crucial” for financial institutions looking to tokenize real-world assets because that would ensure that liquidity isn’t “stifled” by only existing in a “siloed ecosystem.”

Brent Xu, the founder and chief executive of Umee — a lending platform backed by Cosmos’ Inter-blockchain Communication Protocol (IBC) — told Cointelegraph that before real-world assets are brought on-chain, proper risk management systems need to be put in place to facilitate this interoperability.

Xu explained that financial institutions would need to tick off Know Your Client (KYC) credentials to ensure the authenticity of the real-world assets before they are tokenized on-chain, and then make sure that the assets can be identified by an on-chain proof-of-reserve audit.

He stressed that, to avoid an on-chain catastrophe, the risk of cutting corners simply isn’t worth it:

“Think of the ‘08 mortgage crisis. Tremendous financial value was lost due to a broken legacy system. Imagine if this value was ported into the blockchain ecosystem, we would see tremendous value loss due to the contagion.”

Cross-chain bridges, independent layer-2 sidechains and oracles are three of the most commonly used blockchain interoperability solutions to date. The first two operate solely on-chain, while the last feeds off-chain data on-chain.

There have been issues with some of these solutions, however, most notably cross-chain bridges.

An October report highlighted that half of all exploits in decentralized finance (DeFi) took place on a cross-chain bridge, the most notable example being the $600 million Ronin bridge hack in March 2022.

Xu noted that many of these hacks have come from multi-signature security setups or proof-of-authority consensus mechanisms, which are considered to be centralized and much more vulnerable to attack.

He added that many of these interoperability solutions favored “speed of development” over security early on, which backfired.

The key, Xu said, is to incorporate interoperability within the platform, as that will result in a more secure end-to-end transaction than through the use of third-party bridges:

“Bridges are particularly susceptible because they provide two ends at which hackers can potentially infiltrate any vulnerabilities.”

Among the most commonly used blockchain interoperability protocols are Chainlink’s Cross-Chain Interoperability Protocol (CCIP); the IBC, which leverages the Cosmos ecosystem; Quant Network’s Overledger; and Polkadot.

Update (April 17, 8:25 am UTC): This article has been updated to more accurately reflect an analogy from Ryan Lovell.

Report: Half of all DeFi exploits are cross-bridge hacks

Over $2.5 billion has been stolen from cross-chain bridges in the past two years.

According to a new report by crypto data aggregator Token Terminal, approximately 50% of exploits in decentralized finance, or DeFi, occur on cross-chain bridges. Over the past two years, hackers have stolen more than $2.5 billion by exploiting vulnerabilities in cross-chain bridges. The amount is enormous in comparison to other security breaches, such as DeFi lending hacks ($718 million) and decentralized exchange exploits ($362 million) in that period.

Cross-chain bridges, which allow users to port digital assets from one chain to another, are known for their ability to solve multichain scaling issues. However, the complexity in building and subsequently auditing them, combined with massive amounts of funds locked in their smart contracts, has attracted much attention from hackers.

Immunefi CEO and security expert Mitchell Amador explained that some developers in the DeFi space are simply lacking the necessary knowledge to secure such complex mechanisms:

“Many developers launch projects by simply copying and pasting code from other projects. When one of these projects has a vulnerability, others usually have that vulnerability as well. Open source smart contracts, being visible and accessible to all, can easily attract blackhats who study them, discover where they’re vulnerable, and exploit them.”

It also appears that the vast majority of cross-chain exploits that have happened thus far took place on Ethereum Virtual Machine (EVM) blockchains. This includes this year’s most serious incidents, such as the Axie Infinity Ronin bridge hack, the Wormhole token bridge hack and the Nomad bridge hack.

Meanwhile, cross-chain bridges based on the Cosmos Inter-Blockchain Communications (IBC) protocol, which has surpassed $1 billion in total value locked, have largely avoided the brunt of the attacks. However, last week, Cosmos co-founder Ethan Buchman said that a major security vulnerability was discovered on IBC after security audits. The vulnerability has been patched and no funds were lost as a result of the incident.

Cross-chain bridge RenBridge laundered $540M in hacking proceeds: Elliptic

The blockchain forensics firm said cross-chain bridges provide an “unregulated alternative” to exchanges for transferring value between blockchains.

Cross-chain bridges have been the target of more than a few hacks this year, but new data from blockchain analytics provider Elliptic alleges one has been used to launder over half a billion dollars in ill-gotten crypto assets. 

According to a Wednesday report, crypto bridge RenBridge facilitated the laundering of at least $540 million in proceeds of crime since 2020 through a process known as chain hopping — converting one form of cryptocurrency into another and moving it across multiple blockchains.

Elliptic said that decentralized cross-chain bridges provide “an unregulated alternative to exchanges for transferring value between blockchains.”

Rogue states and hacker groups

For the most part, cross-chain bridges or blockchain bridges are used for legitimate purposes, enabling users to move cryptocurrencies seamlessly across blockchain networks.

Users typically deposit their tokens from one chain to the bridge protocol, where they are locked into a contract; the user is then issued the equivalent of a parallel token on another chain.

However, Elliptic noted these bridges have also been used by ransomware gangs, exploiters, and hackers to launder proceeds of crime, with RenBridge accounting for at least $540 million of laundered proceeds since 2020. 

Most recently, at least $2.4 million in crypto assets stolen during the Nomad hack on Aug. 2 went through the cross-chain bridge, according to the firm.

Elliptic also noted that assets from decentralized finance (DeFi) services worth at least $267.2 million have been laundered using RenBridge in the last two years, while a portion of the $80 million stolen from Liquid Global exchange last year, allegedly by North Korea, has passed through RenBridge.

The Conti ransomware group, which famously attacked the Costa Rican government back in June, has also laundered over $53 million through RenBridge so far.

Authorities concerned

Elliptic noted that blockchain bridges such as RenBridge pose a challenge to authorities trying to clamp down on individuals and groups using the emerging technology for illicit activities.

“Blockchain bridges such as RenBridge pose a challenge to regulators since there is no central service provider that facilitates these cross-chain transactions,” it said. 

In a June 30 status report from the Financial Action Task Force (FATF), the intergovernmental organization highlighted increasing risks associated with “chain hopping,” particularly in the DeFi space:

“The rapid growth and evolution of the Defi sector is a cause for concern as it could cause risks to accelerate and proliferate.”

$2B in crypto stolen from cross-chain bridges this year: Chainalysis

The $190 million Nomad Bridge exploit is just the latest out of 13 separate bridge attacks in 2022 so far.

Cross-chain bridge hacks have accounted for 69% of the total crypto stolen in 2022, amounting to $2 billion in losses, according to a new report. 

The report comes from blockchain analytics firm Chainalysis on Tuesday, noting there have been 13 separate token bridge hacks this year — the most recent being the $190 million Nomad Bridge exploit.

Q1 2022 was by far the quarter that saw the largest amount of crypto stolen since 2021, due mainly to the Ronin Bridge attack in late March, which saw $624 million in Ether (ETH) and USD Coin (USDC) stolen.

Cross-chain bridges, also known as blockchain bridges, are designed to transfer cryptocurrencies from one blockchain network to another. 

Chainalysis explains that while bridge designs vary, users typically deposit their tokens from one chain to the bridge protocol, which are then locked into a contract. The user is then issued the equivalent of a parallel token in another chain. 

Bridge vulnerabilities

According to the Chainalysis report, bridges are often targets because they “feature a central storage point of funds that back the ‘bridged’ assets on the receiving blockchain:”

“Regardless of how those funds are stored — locked up in a smart contract or with a centralized custodian — that storage point becomes a target.”

According to some experts, effective bridge design is still in its nascent stages of development, and some developers still have relatively little understanding of security protocols, making their protocols vulnerable to exploitation by hackers.

In a July 22 clip posted on Twitter, almost two weeks before the recent attack, Nomad founder James Prestwich says it will be “at least another year or two before there is enough familiarity across chain security models to build defenses as a standard:”

“In cross-chain systems, we haven’t built up that kind of expertise about attacks yet, people don’t know what the common attacks are, and so they don’t defend against them.”

Centralized exchanges were once the favorite target of hackers, but advances in security protocols have seen a drop in successful cyber attacks, according to Chainalysis.

The blockchain analytics firm has stressed that cryptocurrency services, including bridges, should start investing in security upgrades and training sooner rather than later:

“A valuable first step towards addressing issues like this could be for extremely rigorous code audits to become the gold standard of DeFi, both for those building protocols and for the investors evaluating them. Over time, the strongest, safest smart contracts can serve as templates for developers to build from.”