Bridges are burning

Blockchain is an innovative and futuristic technology. It enables different opportunities for its users. There are many takes how blockchain should behave and what it should offer. With many different approaches to the subject, we see few main chains of blockchain being in use, like Ethereum, BSC, Polygon, or Bitcoin.

The rise of DeFi means many assets are created on one of the chains mentioned above and live there. But what if we wanted to move our precious NFT or valuable tokens from one chain to another? Is this possible?

With the help of that comes Blockchain Bridges. Such bridges are a way to connect two distinct blockchains and enable communication between them. There are different Bridge designs and approaches, but the technology is still relatively young.

A large amount of crypto money is flowing through DeFi. The demand for DeFi increases every day, and users want to move tokens minted from one network to another.

This means hackers are starting to shift focus from DeFi protocols exploits to blockchain bridges that handle the crypto asset flow between chains.

$17.2M

That's the lost amount due to this week's hacks on bridges and cross-chain liquidity alone.

First, we saw AnySwap being hacked on July 10 for $7.9M. The issue was with using the same R-value signature. The algorithm securing the MPC wallet is based on ECDSA for generating private keys. If the same R-value is used in two different transactions, a hacker can deduce a private key based on that information alone.

If you want to learn more, I wrote a separate article describing this exploit.

Anyswap got hacked

Today, Anyswap tweeted an exploit was detected in the v3 prototype. An exploit was detected in the new anyswap v3 prototype, all bridge funds used in v1/v2 are safe, a full post mortem will be released. Remedial action already in place for all exploited funds. LPs to v3 won&

Adrian Hetmanadrianhetman

The very next day, we saw ChainSwap being hacked for $4.4M. As rekt.news describes the attack.

"On the Ethereum network, each token to be bridged has its own proxy Factory contract. The attacker was able to exploit the contract, minting tokens directly into different addresses, before reaccumulating them into the wallet from which the transactions were initially sent."

As always, they wrote a great article.

Today we saw a third attack, this time on ThorChain. An attacker managed to steal $4.9M from the ThorChain's bridge. Initial calculations for the stolen amount oscillated at $25M. You can refer to the official announcement made on their Discord group.

We learned from the ThorChain announcement the method used for attack. ETH Bitfrost was tricked using a custom contract wrapper to read a deposit amount of 200 when it was zero.

The hack was an interesting one, and I will be diving into it later this weekend.

Are bridges safe?

Bridge technology is still rising and maturing. As with DeFi, hacks on different parts of the ecosystem will be present. We need to stay vigilant and analyze such attacks to learn from them.

Hopefully, the future will be more stable and secure on the bridges. Until then, remember, everything is still in its infancy, and anything can happen, even to the well-developed projects.

Thanks for reading, and if you like my writing, you can subscribe to my blog to receive the daily newsletter as I'm currently in the middle of 100 days of blogging challenge. Subscription box below 👇

If the newsletter is not your thing, check out my Twitter @adrianhetman, where I post and share exciting news from the Blockchain world and security.

See you tomorrow!