Why are bridges a target for hackers?
Nomad token bridge is the latest victim that has fallen victim to a hack that stole nearly $200 million. This is yet another large-scale attack on bridge chains in 2022. So far, we have seen the Ronin Network breach in March that resulted in a loss of over $600 million and the Horizon, Qubit and Wormhole hack, losing $500 million between them. It is clear that bridges are a prime target but more importantly, are vulnerable to these attacks.
Why are bridges being targeted and what does this mean for crypto businesses and investors?
- Bridging the gap in security
Bridges, as the name suggests connect blockchains together, enabling interoperability of independent blockchains with different protocols and smart contracts to provide users with the ability to exchange data and tokens. This means bridges deal with multiple blockchains with varying levels of security standards and auditing. Elliptic’s cryptocurrency threat analyst, Arda Akartuna explains, “This means that the likelihood of there being unpatched security vulnerabilities in their protocols is greater in comparison to DeFi platforms operating solely on more well-known blockchains”.
- Sitting ducks for hackers
In order to enable users to exchange tokens, bridges have smart contracts on both the blockchains where the exchange is taking place. The problem with smart contracts is that they are public meaning anybody including bad actors can review for vulnerabilities. They are also designed to be immutable and not possible to amend. In order to resolve the weakness, a new smart contract needs to be deployed. Resolving this weakness can take time and resource leaving the bridge exposed to further siphoning of funds.
- Anomalous transactions are not always flagged
The nature of many smart contracts means that a transaction can only take place if the rules of the contract are adhered to. This means that sometimes anomalous activity will be deemed within the rules of the smart contract and will go undetected. Once a bad actor successfully exploits a smart contract with one transaction, they can then continue with further fraudulent transactions causing a huge loss to the bridge.
- Great opportunity
Bridges need massive volumes of different currencies in order to exchange tokens swiftly between blockchains. These huge reserves make bridges a prime target for hackers and the increase in the number of attacks we have seen on bridges is a clear indication that hackers recognise this as a valuable opportunity.
Bridges are a fundamental part of the growing ecosystem, and it is important we as businesses support their evolution with security measures and tools to keep funds safe.