Introduction
As the decentralized financial ecosystem grows, so do the risks of hacks to cryptocurrency bridges. Security concerns have plagued cryptocurrency exchanges and platforms for years, and the services that make up the backbone of this ecosystem are experiencing a similar trial by fire. Bridge attacks exploit the same vulnerabilities that make cryptocurrency exchanges vulnerable to hacking. As more high-stakes platforms emerge, ensuring that all such services go through rigorous vetting is important. Online exchanges for cryptocurrencies abound, such as the finixio trading platform.
Hacks on the Solana-Ethereum bridge
A Solana-Ethereum blockchain bridge is an infrastructure that allows the transfer of tokenized assets between two blockchains. This technology offers low costs and high speed. Unfortunately, a recent hack has exposed this infrastructure to attack. On February 2, the Solana-Ethereum blockchain bridge was compromised. The attackers took advantage of an unpatched Rust contract and minted approximately 120,000 ‘Wormhole Ethers,’ now worth $320 million. In addition, the hacker also compromised the intelligent agreement for Solana, so it started to rely upon malicious smart contracts.Â
The Solana-Ethereum blockchain bridge has suffered multiple network outages over the past few months, resulting in a steep decline in its price. The cryptocurrency is down 12% in the past eight hours and is down nearly 60% from its November 6 high of $260. Solana has been marketed as an “Ethereum killer” but has encountered multiple network and performance problems.
The developers of the Wormhole protocol confirmed the hack on Twitter and have taken the network offline while they perform maintenance. Wormhole’s official website is also offline. The attack directly results from the Wormhole protocol, which allows different networks to interact. Wormhole’s attack resulted in a $320 million theft of Wrapped Ethereum, a pegged cryptocurrency of Ethereum that can be traded freely on other Wormhole-compatible networks.
The Solana-Ethereum blockchain bridge allows for cross-chain transactions between the two blockchains. Unfortunately, the bridge is vulnerable on both sides, which makes it a potential target for attackers. The latest hacks were made possible by an exploit in the Solana Wormhole, which allowed a hacker to devise a way to bypass Ethereum’s cross-chain validators. The attacker sent 0.1 ETH from Ethereum into Solana to trigger a series of “transfer messages,” which tricked the program into accepting a 120,000 ETH deposit.
Hacks on the Ethereum-BSC bridge
The BSC bridge is a cross-chain bridge connecting the BNB Beacon Chain and the BNBChain/BEP20 chains. It mints two million new BNB. A number of security researchers and firms have posted analyses of the attack on Twitter, but the community is still filling in the details. The first firm to notice the attack was security firm Ancilia, Inc., which identified the culprit and reported the hack.
The exploit was on par with the $552 million Ronin bridge attack, and it raised questions about the security of cross-chain bridges. Many Layer 1 networks have emerged alongside Ethereum, which makes these cross-chain bridges particularly vulnerable. In this case, a bug in the Ethereum-BSC bridge was responsible for over $570 million theft.
After the hack, ChangeNOW confirmed that it was still using the exchange after the attack. The exchange system assessed the address for suspicious activity and found no red flags, but the hacker was able to send funds to different addresses. The hacker used clean addresses and multiple “burner” addresses across various chains. The initial value of the stolen BNB tokens was approximately US$570 million. Though the BSC developers were able to halt the network in time, the incident has raised concerns over the level of decentralization in the BSC network.
Hacks on Harmony’s Horizon Bridge
Hackers have been using the Harmony blockchain to steal more than USD 100 million. The attack is being attributed to the Lazarus Group, a North Korean hacking group said to be linked to the Kim regime. The hackers hacked into Harmony’s Horizon Bridge and transferred over 100 million dollars worth of crypto assets in a short period. The attack vector is similar to that of DPRK attacks. The Harmony network has offered a 1 million USD bounty for whoever is responsible. This bounty is equivalent to one Tornado Cash.
Conclusion
The recent security breach of $540 million on the cryptocurrency network Ronin shows that blockchain bridges are a prime target for hackers. While this particular attack did not compromise the integrity of any other blockchain, it has highlighted how the industry is under increasing pressure to address this problem. A bridge can be compromised with a wide range of techniques.
