Cross-chain protocols have been extensively targeted by hackers, with Axie Infinity's $650 million Ronin Bridge hack accounting for a significant amount of stolen funds this year. Nomad lost $190 million in the second half of 2022 as a result of hacks on wallets. Hackers gained access to the private keys of 8000 wallets in the Solana ecosystem, resulting in $5 million in Solana (SOL) and Solana Program Library (SPL) tokens being stolen.
On August 8, deBridge Finance uncovered the methods that North Korean Lazarus Group hackers are suspected of using to carry out phishing attacks. Just a few days later, Curve Finance was hacked, and hackers redirected users to a counterfeit webpage that stole $600,000 worth of USD Coin (USDC).
According to deBridge Finance founder Alex Smirnov, there has been an uptick in these attacks because cross-chain protocols function as liquidity aggregators that fulfil cross-chain value transfer requests. Because they seek widespread liquidity through liquidity mining and other enticements, these protocols have inevitably become a target for malicious actors.
“By locking a large amount of liquidity and inadvertently providing a diverse set of available attack methods, bridges are making themselves a target for hackers.”
Smirnov said that bridging protocols are middleware whose components are the combined security models of all the blockchains they bridge. According to Smirnov, this creates an attack surface that makes it possible to use one chain to steal liquidity from others.
Because the Web3 and cross-chain ecosystem is in its early stages, teams are learning from each other's mistakes as they iterate. Drawing on the example of the first two years of the DeFi sector, which was rife with exploits, deBridge co-founder Vadim Tkachenko admitted that teething problems were a natural consequence:
“The cross-chain space is extremely young even within the context of Web3, so we’re seeing this same process play out. Cross-chain has tremendous potential, and it is inevitable that more capital flows in, and hackers allocate more time and resources to finding attack vectors.”
Given how common exploits are becoming, projects are probably thinking about how to address them. The approach isn't cut-and-dried because attackers have numerous options. Smirnov likens the security of bridging protocols to a "Swiss cheese" model, in which an attack can succeed only if a number of 'holes' line up momentarily.
“In order to make the level of risk negligible, the size of the hole on each layer should be aimed to be as minimal as possible, and the number of layers should be maximised.”
A cross-chain platform involves many moving parts, so this is a difficult job. Because cross-chain protocols carry many different risks, multilevel security models must be developed. The consensus algorithm and codebase of each supported chain are exposed to vulnerabilities and blockchain reorganisations.
The most common threats are 51% attacks, blockchain reorganisations, and vulnerabilities in blockchain codebases. There may also be collusion among validators or compromised infrastructure in the validation layer. Risks to the software development process include bugs in smart contracts and bridge validation nodes. In addition, deBridge notes that protocol management is an issue.
“All these risks are quickly compounded. Projects should take a multi-faceted approach, and in addition to security audits and bug bounty campaigns, lay various security measures and validations into the protocol design itself.”
One thing to keep in mind is that although deBridge's team was able to prevent social engineering attacks, phishing attacks remain one of the most common threats to the broader ecosystem. Education and strict internal security policies are crucial to avoid being lured by these intelligent attempts to steal credentials and hijack systems.