Crypto Bridges Creating Vulnerabilities Popular with Hackers

Cryptocurrency bridges, which enable transactions across a wide range of token types, are an increasingly important factor in the world of blockchain. A hack involving approximately $540 million in Ethereum and USDC stablecoin from the Ronin bridge in March was another drop in the $1 billion-plus bucket stolen from bridges. Successful attacks have become more common in recent years and the Ronin heist, among the largest, underscores a bigger problem. Different cryptocurrencies are typically siloed, so a Dogecoin transaction can’t be implemented on the Bitcoin blockchain, but it can by using a bridge.

“Bridge services ‘wrap’ cryptocurrency to convert one type of coin into another. So if you go to a bridge to use another currency, like Bitcoin (BTC), the bridge will spit out Wrapped Bitcoin (WBTC),” writes Wired. “It’s like a gift card or a check that represents stored value in a flexible alternative format,” the magazine notes, explaining “bridges need a reserve of cryptocurrency coins to underwrite all those wrapped coins, and that trove is a major target for hackers.”

Because of that, bridges will remain a popular target even while continuing to grow because, cross-chain communication protocols developer and scholar James Prestwich tells Wired, “people will always want the opportunity to join new ecosystems. Over time, we’ll professionalize, develop best practices, and there will be more people capable of building and analyzing bridge code. Bridges are new enough that there are very few experts.”

Because they operate at a 1:1 ratio, “wrapped” cryptocurrencies are similar to stablecoins. For example “just as a stablecoin like Tether pegs the value of a single token at $1, a token of wrapped Ether is worth whatever a single Ether (the currency of the Ethereum blockchain) is worth,” explains Bloomberg.

Bridges use so-called smart contracts to convert a currency into a wrapped token for a  different blockchain. “But if the underlying Ether deposited with a bridge is stolen, the wrapped Ether becomes worthless,” Bloomberg notes, adding that “more than $21 billion is locked on Ethereum bridges,” citing data from Dune Analytics.

Ronin Bridge, connected to the “Axie Infinity” online game, resulted in theft of “173,600 Ether and 25.5 million USDC tokens in two transactions, for a total take of about $600 million,” Bloomberg writes, adding that “in February, hackers stole around $300 million from Wormhole,” and that in total “seven bridge hacks have been recorded, according to data compiled by researcher Chainalysis.”

The threat to bridges is not limited to hacks. Bloomberg reports that in 2021, “the Optics bridge on the Celo network saw its bridge development team effectively lose control of the project. Figuring out what’s gone wrong or who is responsible for the design or operation of a particular bridge can be hard.”

Hacker Moves Crypto Stolen from Ronin Breach to Help Cover Its Tracks, Bloomberg, 4/4/22
DOJ Seizes $34 Million of Crypto from the Dark Web Seller, Engadget, 4/4/22