Back

Cross-Chain Bridge Hacks Were the Newest Headache in 2022 for Crypto Users

sameAuthor avatar

Written & Edited by
Josh Adams

03 January 2023 20:15 UTC
Trusted
  • According to a report published earlier this year, cross-chain bridges are the victim of 50% of all DeFi exploits.
  • Professor Sergey Gorbunov tells BeInCryoto that the ecosystem is waking up to their vulnerabilities.
  • However, crypto crime as a share of all transactions continues to decline year-on-year.
Promo

After the collapse of many crypto giants like Celcius and FTX, the worrying rise of DeFi hacks has probably been the year’s second most notable trend. The most prominent of these is the cross-chain bridge hack.

According to a report by crypto data aggregator Token Terminal, cross-chain bridges are the victim of 50% of DeFi exploits. Over the course of two years, approximately $2.5 billion has been stolen by hackers by exploiting their unique vulnerabilities. The amount lost is eye-watering compared to DeFi lending hacks ($718 million) and DEX hacks ($362 million) over the same period.

In the first half of 2022, thefts exploiting cross-chain bridges increased by 58% when compared to the same period in 2021.

Sponsored

There have been multiple prominent bridge hacks this year. In August, Nomad was hacked for approximately $200 million after developers made changes to its smart contracts. As a result, hackers were able to create false crypto transactions to unload funds from its reserves. A month before, 50k wallets were affected by an attack on the cross-chain Harmony Horizon bridge. The hackers left with $100 million in funds.

Allowing Blockchains To Communicate 

Cross-chain bridges enable blockchains to talk to one another. They were designed to meet the increasing demand to transfer assets between them without a central authority. They fix a core problem with blockchains: it is hard for them to work together and communicate. In most respects, blockchains are closed spaces. Cross-chain bridges help open them up and increase liquidity.

These bridges serve as a kind of “neutral zone” that doesn’t belong to either of the blockchains that it enables communication for. They can be useful if, for example, you want to buy an Ethereum NFT with your bitcoin and don’t want to use an exchange.

Sponsored

2022 was the breakout year for interchain use. The increase in cross-chain bridge hacks has increased as users expect blockchains to be more interoperable. As bridges are relatively new and less battle-hardened, hackers have increasingly turned to them for an easy payday. As with all technology, it is common for infrastructure to lag behind adoption.

Bridges Are Becoming Safer

Most bridges are a form of federated multisigs, meaning they require multiple signatures to approve a transaction. According to Professor Sergey Gorbunov, CEO and co-founder of Axelar, its centralized nature makes it less secure. “In Web3, any activity brings added risk: Liquidity providing is riskier than staking; transacting is riskier than holding, and interchain transactions are riskier than transacting within a single chain,” he says. “Therefore, interchain builders should try to achieve even stronger security than the chains they connect. However, most interchain services are providing weaker security.”

However, there is no need to panic. With each hack comes greater scrutiny of bridges’ vulnerabilities, decreasing the chances of them happening again. Although this is not much consolation if you owned some of the $2.5 billion that was stolen this year.

Sponsored

In the meantime, more Layer 1s are finding ways to support interchain connections using the secure, universal infrastructure. “Polygon and Osmosis are great examples of this, partnering with Axelar to ensure developers in their ecosystems know they have a secure option for interchain communication,” he continues. “Ultimately, these technologies are permissionless, so it is up to ecosystem leaders to set secure practices as defaults and establish awareness in their communities.”

According to Professor Gorbunov, more education is needed for developers to move to a more interchain mindset. “The single-chain mindset leaves bridging up to the user, which creates unnecessary risk and a bad user experience. Building natively for interchain means the developer can create one-click experiences that integrate any asset, any function, on any chain.”

Sponsored

Crypto Crime Is Decreasing

Actors in the space are taking notice of these risks, and there is hope on the horizon. Recently, Axelar, a network specializing in secure cross-chain communication, announced its Ecosystem Funding Program. The initiative is designed to speed up the development of decentralized applications and protocols that can replace centralized exchanges. Development partners include Arbitrum, Circle, Osmosis, and Polygon.

“The EFP and the partnerships Axelar has formed with Layer 1 ecosystems show the commitment that is forming around the kind of Web3 development that is possible with secure, universal interchain infrastructure,” he says.

There are other reasons to be cheerful. According to Chainalysis’ recent 2022 Crypto Crime Report, illicit transactions across the ecosystem are declining as a share of the overall number. Transactions involving illicit addresses represented just 0.15% of cryptocurrency transaction volume in 2021. Despite the raw value of illicit transaction volume reaching its highest level ever.

According to the report, in 2019, 3.37% of all transactions were related to some kind of criminal activity. That plummeted by 82% to 0.62% in 2020. In 2021, it dropped by another 76% to 0.015% of all transactions.

DeFi still remains the largest arena for solen funds. In 2021, nearly $2.5 billion dollars worth of funds was lost to DeFi exploits. Whereas centralized exchange hacks accounted for less than $500 million. According to Chainalysis, the majority of thefts that occur through DeFi protocols are the result of errors in the smart contract code that governs these protocols.

Disclaimer

Following the Trust Project guidelines, this feature article presents opinions and perspectives from industry experts or individuals. BeInCrypto is dedicated to transparent reporting, but the views expressed in this article do not necessarily reflect those of BeInCrypto or its staff. Readers should verify information independently and consult with a professional before making decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.