Ways that $2 Billion Got Hacked in Cross-Chain Bridges πŸŒ‰

This year has been too hard for many crypto projects and stablecoins as the majority of them have stress-tested the attempts of hacks, FUD, de-pegged stablecoins, and more. Among all these treats, Cross-chain hacks are the most severe attack that accounted for 45% of all funds being stolen!

Copy of Copy of SUPERCHARGER.gif

I'm pretty sure you may count at least 3 hack cases that will come to your mind while reading. Actually, these cross-chain hack cases were conducted in different ways by hackers. Let's talk about some details of them.

The Chart Speaks Itself

When it is used to find quality information, CryptoTwitter can be a good source to find insight about what you are looking for.

This chart was shared by Zellic_io to prove the severity of Bridge hacks in crypto.

image.png

There is something interesting in this data. When you check the hack cases of CEXs, which was a nightmare in 2017-2018, today's issues are more complex and advanced blockchain operations like multi-bridge actions, nfts and De-Fi. It's something quite positive IMHO πŸ˜‰

Types of Cross-Chain Hacks

It is natural to have bugs in the codes of projects but if it is the case for De-Fi, you may lose all your funds because of a little leak. As the blockchain products vary and grow, so do hackers πŸ˜… The way they steal the funds also differ from case to case:

In its simplest form, Cross-chain actions happen in this way:

When you transfer a token with cross-chain bridges, you are sending funds as tokens to the bridge protocol, which locks those funds into the contract on one chain. Then, the user is given funds in the form of wrapped tokens on the desired chain. - Outlookindia

Knowing the little complexity of operations between 2 different chains, hacker's initial attempt is always Fake Transactions:

When a fake transaction to the protocol is validated, the receiver address is automatically sent the wrapped version of the token. For example, the protocol is validated the deposit of 10 ETH. The receiver is sent 10 WETH and the hackers keep repeating the same type of transactions until the protocol drains!

We talked about the cases on LeoFinance: Nomad Exploit

In these examples, codes the most important aspects rather than the security provided by Validator Consensus. Do you know the second way that made Ronin Bridge lose more than half billion? Validator Takeover

It may sound like Justin Sun's cup of tea but it is actually done by hackers. The hackers were able to control the validators' accounts and 5 out of 9 validators took the power of the bridge by eliminating the rest!

We mentioned the hack case on LeoFinance: Ronin Hack

No Concern about Leo Bridge, though

As of writing, I do not think Fake transactions or Validator Takeover are possible risks on LeoBridges because the transactions are simple and nearly instant on Hive + Leo bridge is controlled by the LeoFinance team.

Note: You can easily check the funds of accounts like b-hive / p-hive etc.

The only possible risk that I see is that upcoming HF-26 will have a reversible transaction window which may mix the process that we are used to. LeoBridges may only need to be cautious about the upcoming hardfork that may have an indirect impact on its operations.

Other than that, Hive is one of the most effective chains to go cross-chain. Do not forget, Hive is a GameFi Chain for CMC and FootPrint's report. Hive - X chain bridges will be the new trend in 2-3 years IMHO ✌🏼

Posted Using LeoFinance Beta



0
0
0.000
3 comments