
Binance Hack Highlighted Vulnerabilities of Cross-chain Bridges Once Again

The cryptocurrency world is still full of vulnerabilities. One of the biggest ones is, and always has been, security. This can be easily seen through the number of hacks or exploits that are happening, unfortunately, almost on a monthly basis.

What is even more concerning, however, is the fact that they seem to be mostly taking place in a very niche area of the cryptocurrency world – cross-chain bridges. This was also proven by the latest hack of Binance and its blockchain, during which the biggest cryptocurrency exchange suffered a loss of about $570 million worth of BNB, with more than $100 million already siphoned to different blockchains.

What are cross-chain bridges and why are they here

Before we dive into what exactly happened to Binance, let’s first explore cross-chain bridges. Cross-chain bridges are solutions that allow cryptocurrencies to be moved between different blockchains. They emerged mostly because the growing number of blockchains increased demand for interoperability between them. And that is what cross-chain bridges should provide.

While the biggest growth within these solutions was probably seen during the year 2021, the cross-chain bridges still hold about $10 billion worth of value, according to Defi Llama. That is due to the fact that they provide not only connection of different networks (blockchains), but also speedy swaps of different tokens. While they definitely do have their own benefits, they are also prone to hacks and security vulnerabilities.

Problems with cross-chain bridges

“These bridges have been breached by hackers in a variety of ways, suggesting that their level of security has not kept pace with the value of assets that they hold.”

That is a rather unpleasant statement by Tom Robinson, co-founder and chief scientist at blockchain analytics firm Elliptic. But Robinson is definitely not the only one who sees problems with cross-chain bridges.

Josephine Wolff, an associate professor of cybersecurity at Tufts University, sees two main problems with the current cross-chain bridges. According to Wolff, they hold a lot of money, as banking institutions do; unlike banks, however, they are not subject to as much regulation and oversight.

The combination of these factors can thus lead to serious exploits of cross-chain bridges as well as the whole cryptocurrency industry, since the cybercriminals have huge motivation to go after this sector. This is, unfortunately, supported by recent numbers.

According to a Chainalysis report released in August of this year, cross-chain bridge hacks accounted for 69% of all the crypto hacks that have taken place in the cryptoworld. All in all, they have amounted to more than $2 billion to date.

The hacks of Wormhole, Harmony Horizon Bridge or Nomad, as well as the very recent hack of Binance Chain’s BSC Token Hub bridge, only portray the problems connected to the security of these solutions. Rather unflattering statistics show that almost every month of this year has seen a major cryptocurrency hack that was one way or another connected to a cross-chain bridge.

The biggest hacks connected to cross-chain bridges in 2022

January Qubit Finance $80 million
February Wormhole $320 million
March Ronin Network $625 million
April Beanstalk $182 million
June Horizon Bridge $100 million
August Nomad $190 million
October BSC Token Hub $110 million

According to oxfoobar, some of the hacks are more alike than it seems. For instance, Ronin, Harmony Bridge as well as the current BSC Token Hub hack are very similar in many aspects.

“Ronin was a private key exploit, Harmony Bridge was broken cryptography – the exact methodology differs a bit, but same general principles of broken cryptographic verification. Broken proof verification lets hackers forge arbitrary messages.”

Everything you need to know about the recent Binance hack

Questions about the security of cross-chain bridges were raised again mostly due to the recent BSC Token Hub hack. This Binance Bridge allowed hackers to get away with more than $566 million; however, “only” $100 million has already been transferred from the hacker’s wallet. It seems that most of the funds are static and they might be frozen or flagged for any future transfers.

The cybercriminals were able to persuade Binance’s Bridge to send out 1 million BNB tokens. And since they repeated this transaction, they got their hands on 2 million BNB tokens worth almost $570 million at the time of the hack. 

Due to the bug in the verification of proofs of the bridge, hackers were able to convince the bridge to send the tokens to the address they controlled. Luckily, the hackers were only able to repeat the transaction once, before the community as well as the team behind Binance saw this exploit. The hack was explained by Sam Sun from crypto investment firm Paradigm.

“There was a bug in the way that the Binance Bridge verified proofs which could have allowed attackers to forge arbitrary messages. Fortunately, the attacker here only forged two messages, but the damage could have been far worse.”

Sun also explained that after the bridge sent the funds to the attacker, it then continued to work smoothly without any problems. Yet, the community needed to step in to raise the suspicion over the size of the withdrawals. This then led to Binance halting the blockchain, since all the validators (44, out of which 26 were still active) were asked to pause their activities.

Reaction of Changpeng Zhao

Changpeng Zhao, CEO of Binance, stated on many occasions that he appreciates the support of the community as well as the speed of the Binance team when solving this problem. He believes that this is nothing but a minor hiccup that can and will be solved without any problems. Binance is also offering a reward bounty of 10% of the recovered funds to anyone who is able to uncover the hacker.

While his initial reaction was swift, to contain any form of panic, he stated that this was thanks to the team and community. Apparently, he had nothing to do with it, highlighting the decision-making of the team. Yet, during the time of uncertainty with what had really happened, he reassured everyone that everything was contained and that the funds were safe.

“Binance Smart Chain is back online. We have now resumed Binance Smart Chain deposits and withdrawals on Binance.”

That was the reaction of CZ right after the problem was contained. He then went on to look at this problem from several different perspectives. None of them, however, properly addressed the security vulnerabilities of cross-chain bridges in general or what can be done to prevent them from happening in the future.

Conclusion

The recent Binance hack has once again shown that the cross-chain bridges are far from being safe. While there is a clear need for these solutions, it needs to be stated that their security issues are one of the biggest problems of the current cryptocurrency industry. Unless these problems get solved rather quickly, the future potential of cross-chain bridges can be in serious jeopardy. 
