Cryptocurrency investors have been hit hard this year by hacks and scams. One reason is that cybercriminals have found a particularly useful way to reach them: bridges.
Blockchain bridges, which loosely connect networks to enable rapid token swaps, are gaining popularity as a transaction method for crypto users. But by using them, crypto-bridges enthusiasts bypass a centralized exchange and use a system that is largely insecure.
According to data from blockchain analytics firm Chainalysis, breaches of these cross-chain bridges have resulted in approximately $1.4 billion in losses since the start of the year. The largest single event took a record $615 million from Ronan, which backs the popular non-fungible token game Axie Infinity, which allows users to earn money while playing.
$320 million was also stolen from Wormhole, a crypto pool backed by Wall Street high-frequency trading firm Jump Trading. In June, Harmony’s Horizon Bridge suffered a $100 million attack. And last week, hackers targeting Gypsy seized nearly $200 million.
“Blockchain bridges have become low-hanging fruit for cybercriminals, with billions of dollars of crypto assets locked away,” Tom Robinson, co-founder and chief scientist at blockchain analytics firm Elliptic blockchains, said in an interview. “These bridges have been breached by hackers in a variety of ways, indicating that their level of security has not been commensurate with the value of the assets they hold.”
Bridge feats are happening at an amazing rate, considering this is such a new phenomenon. According to data from Chainalysis, 69% of the money stolen in crypto-related hacks so far in 2022 has been stolen in pull heists.
How Do Bridges Work?
A bridge is a piece of software that allows one to send tokens from the blockchain network and receive them on a separate chain. Blockchains are distributed ledger systems that underlie various crypto-bridges currencies.
When exchanging tokens from one chain to another, such as sending some ether from Ether to the Solana network, an investor commits the tokens to a smart contract, a piece of code on the blockchain that allows the transaction to take place. Is. automatically without human intervention.
This crypto is then “sharded” onto a new blockchain in the form of a wrapped token, which represents a claim on the original Ether coin. The token can then be exchanged on a new network. This could be useful for investors using Ethereum, which has become notorious for sudden increases in fees and long wait times when the network is busy.
“Usually they have a lot of money,” said Adrian Heitman, tech lead at crypto-security firm Immunefi. “That amount and the amount of traffic going over the bridges is a very attractive point of attack.”
Why Are They Under Attack?
The weakness of the bridges can be partly attributed to sloppy engineering.
For example, the hack on Harmony’s Horizon Bridge was made possible by the limited number of verifiers needed to approve transactions. Hackers only needed to compromise two of the five total accounts to obtain the passwords needed to withdraw the funds.
A similar situation occurred with Ronin. The hackers only needed to convince five of the nine people in the network to hand over their private keys to gain access to the cryptocurrencies locked in the system.
In Nomad’s case, it was very easy for hackers to manipulate. Attackers can enter any value into the system and then withdraw funds, even if there are insufficient assets on the bridge. They didn’t require any programming skills, and their exploits brought together copycats, resulting in the eighth largest crypto-bridges heist of all time, according to Elliptic.
Nomad is offering a reward of up to 10% to hackers for recovering user funds and says it will refrain from prosecuting hackers who return 90% of the assets they took.
Nomad told CNBC that it is “committed to keeping its community updated as it learns more” and “appreciates all those who acted quickly to protect the funds.”
Because They Are Important
Bridges are an essential tool in the Decentralized Finance (DeFi) industry, a crypto-bridges currency alternative to the banking system.
With DeFi, instead of central players making decisions, money exchange is managed by programmable code called smart contracts. This contract is written on a public blockchain, such as Ethereum or Solana, and is executed when certain conditions are met, eliminating the need for a central intermediary.
“We can’t just move these assets,” Heitman said. “This is why we need blockchain bridges.”
As the DeFi space continues to evolve, developers will need to enable blockchains to ensure that assets and data can flow seamlessly between networks.
“Without them, assets get locked into local chains,” said Austin Benson, co-founder of QuickNode, a developer and business developer. provides the blockchain infrastructure.
But They Are Dangerous
“They’re effectively unregulated,” said David Carlisle, Elliptic’s head of regulatory affairs. They are “extremely vulnerable to hackers or being used in crimes such as money laundering.”
According to new research Elliptic provided to CNBC, criminals have transferred at least $540 million in ill-gotten gains on the Rainbridge since 2020.
“A key question is whether bridges will be subject to regulation, as they operate in much the same way as crypto exchanges, which are already regulated,” Carlisle said.
This week, the US Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against TornadoCash, a popular crypto-bridges currency mixer, banning Americans from using the service. Mixers are tools that combine user tokens with other funds to hide the identity of the people and entities involved.
Carlisle said it’s becoming clear that “U.S. regulators are ready to go after de-fi services that facilitate illegal activity.”
For more information, please visit Friday night funkin unblocked games 911.