Saturday, October 1

Hackers have stolen $1.4 billion this year using crypto bridges


Mining the Worlds Second-most-valuable Cryptocurrency at Evobits IT SRL An engineer inspects Sapphire Technology Ltd. AMD graphics processing units (GPU) at the Evobits crypto farm in Cluj-Napoca, Romania, on Wednesday, Jan. 22, 2021. The worlds second-most-valuable cryptocurrency, Ethereum, rallied 75% this year, outpacing its larger rival Bitcoin. Photographer: Akos Stiller/Bloomberg via Getty Images

Photographer: Akos Stiller/Bloomberg via Getty Images

Crypto investors have been hit hard this year by hacks and scams. One reason is that cybercriminals have found a particularly useful avenue to reach them: bridges.

Blockchain bridges, which tenuously connect networks to enable the fast swaps of tokens, are gaining popularity as a way for crypto users to transact. But in using them, crypto enthusiasts are bypassing a centralized exchange and using a system that’s largely unprotected.

A total of around $1.4 billion has been lost to breaches on these cross-chain bridges since the start of the year, according to figures from blockchain analytics firm Chainalysis. The biggest single event was the record $615 million haul snatched from Ronin, a bridge supporting the popular nonfungible token game Axie Infinity, which lets users earn money as they play.

There was also the $320 million stolen from Wormhole, a crypto bridge backed by Wall Street high-frequency trading firm Jump Trading. In June, Harmony’s Horizon bridge suffered a $100 million attack. And last week, almost $200 million was seized by hackers in a breach targeting Nomad.

“Blockchain bridges have become the low-hanging fruit for cyber-criminals, with billions of dollars worth of crypto assets locked within them,” said Tom Robinson, co-founder and chief scientist at blockchain analytics firm Elliptic, in an interview. “These bridges have been breached by hackers in a variety of ways, suggesting that their level of security has not kept pace with the value of assets that they hold.”

Also Read  Reality check: the Northern Ireland protocol isn't the problem, Brexit is | Raphael Behr

The bridge exploits are occurring at a striking rate, considering it’s such a new phenomenon. According to Chainalysis data, the amount stolen in bridge heists accounts for 69% of funds stolen in crypto-related hacks so far in 2022.

How bridges work

Why they’re under attack

The vulnerability of bridges can be traced in part to sloppy engineering.

The hack on Harmony’s Horizon bridge, for example, was possible because of the limited number of validators that were required for approving transactions. Hackers only needed to compromise two out of a total of five accounts to obtain the passwords necessary for withdrawing funds.

Also Read  Cardinal Becciu interrogated for 8 hours in the trial for the looting of funds from the Secretariat of State

A similar situation occurred with Ronin. Hackers only needed to convince five out of nine validators on the network to hand over their private keys to gain access to crypto locked inside the system.

In Nomad’s case, the bridge was much simpler for hackers to manipulate. Attackers were able to enter any value into the system and then withdraw funds, even if there weren’t enough assets deposited in the bridge. They didn’t need any programming skills, and their exploits led copycats to pile in, leading to the eighth-largest crypto theft of all time, according to Elliptic.

why they’re important

Bridges are an essential tool in the decentralized finance (DeFi) industry, which is crypto’s alternative to the banking system.

With DeFi, instead of centralized players calling the shots, the exchanges of money are managed by a programmable piece of code called a smart contract. This contract is written on a public blockchain, like ethereum or solana, and it executes when certain conditions are met, negating the need for a central intermediary.

“We cannot simply move those assets,” Hetman said. “That’s why we need blockchain bridges.”

As the DeFi space continues to evolve, developers will need to make blockchains interoperable to ensure that assets and data can flow smoothly between networks.

Also Read  Met officer was promoted despite misconduct over sexist and racist messages | metropolitan police

“Without them, assets are locked on native chains,” said Auston Bunsen, co-founder of QuikNode, which provides blockchain infrastructure to developers and companies.

But they’re risky.

“They’re effectively ungoverned,” said David Carlisle, head of regulatory affairs at Elliptic. They’re “very vulnerable to hacks, or to being used in crimes like money laundering.”

Criminals have transferred at least $540 million worth of ill-gotten gains through a bridge called RenBridge since 2020, according to new research that Elliptic provided to CNBC.

“One major question is whether bridges will become subject to regulation, since they act a lot like crypto exchanges, which are already regulated,” Carlisle said.

This week the US Treasury Department’s Office of Foreign Assets Control, or OFAC, announced sanctions against Tornado Cash, a popular cryptocurrency mixer, banning Americans from using the service. Mixers are tools that blend a user’s tokens with a pool of other funds to conceal the identities of individuals and entities involved.

Carlisle said it’s becoming evident that “US regulators are prepared to go after DeFi services that facilitate illicit activity.”

WATCH: Adrian Hetman of Immunefi explains how hackers stole $200 million


www.cnbc.com

Leave a Reply

Your email address will not be published.