Reading Time: 8 minutes
- Cross-chain bridge protocols enable communication between blockchains—promoting greater interoperability, among other benefits.
- Although beneficial, the complex and evolving nature of bridge technology makes cross-chain bridges vulnerable to hacks and exploits.
- More effort is required to improve the security of cross-chain bridges and promote safety of users.
The recent hack on Nomad Bridge caught everyone’s attention for many reasons, particularly the free-for-all nature of the exploit. But it also brought up a far more critical issue: the vulnerability of blockchain bridges.
Months ago, I wrote about the risks of cross-chain bridging protocols, after Poly Network and Wormhole had lost record amounts to cybercriminals. One would expect the security of cross-chain bridges to have improved, but things have only gone from bad to worse.
Since the Wormhole exploit grabbed headlines in February, more cross-chain bridge hacks have followed. This includes Nomad Bridge ($190 million), Harmony Horizon Bridge ($100 million), Qubit Finance ($80 million), and Ronin Network ($650 million). Per estimates, blockchain bridges have already lost nearly $2 billion to attackers this year—that’s 69% of all funds stolen from blockchain protocols in 2022.
Given the experimental nature of blockchain technology, security vulnerabilities are likely inevitable, at least until the industry evolves robust security standards. Still, a particular sector suffering more exploits on average, as is happening cross-chain bridges, calls for concern.
The question now is: “Why are blockchain bridges getting breached and what can we do about it?” But before that, let’s start from first principles: understanding how bridges work and why they matter in the first place.
What are blockchain bridges?
A blockchain bridge connects to two or more blockchains, allowing for the transfer of tokens and data. Just like a bridge in the real world, bridges allow user assets to “travel” from one blockchain network to another.
When bridging between blockchains your assets don’t actually move anywhere. Instead, most bridge protocols work by locking up a user’s asset(s) on the original chain and issuing an equivalent amount on the destination blockchain.
In blockchain lingo, we say the original asset is wrapped—deposited into a smart contract (or a multisig wallet) on the source blockchain, while a representative version is produced for the user on the target chain. Wrapped assets make it possible to use a token (e.g., BTC) on a non-native blockchain (e.g., Ethereum). Such assets are essentially IOUs, as their value is backed by assets locked up on the original chain.
So you know bridges hold your funds in custody and mint new tokens for you to use on other chains. But how do you exit your assets from the bridge contract and redeem your IOUs? Simple—you burn the issued tokens and present the proof-of-burn, after which your locked assets are released on the original chain.
While this sounds relatively straightforward, implementing it involves many complexities. The bridge needs a reliable mechanism for the following:
- Storing user assets
- Detecting user actions (e.g., token deposits and token burns) and relaying information about these events between the two blockchains.
- Verifying the validity of information relayed from external sources
- Triggering minting and burning of tokens
Beyond the usual lock-and-mint mechanism, bridges might adopt a different system such as burn-and-mint (burning the assets on the original chain and minting new tokens elsewhere) or atomic swaps. The bridge might also differ based on its function: some bridges connect multiple blockchains or specific types. A classification of bridge types is out of scope here, but you can read Arjun Chand’s comprehensive review of different bridge mechanisms to get up to speed.
Bridges and the problem of blockchain interoperability
Bridges solve a longstanding problem: the lack of interoperability between blockchains. Bitcoin and Ethereum are essentially siloed off from each other—you cannot spend BTC on Ethereum or send ETH to a Bitcoin address. This causes problems, particularly because it limits the value users can extract from assets and prevents them from accessing the benefits of using other blockchains.
With bridges, you can move the value of your crypto anywhere. Maybe you’re tired of HODLing Bitcoin and have your eyes set on Ethereum yield farms with APRs high enough to give your grandmother a heart attack. What do you do? Deposit BTC to a bridge protocol and get wrapped BTC (wBTC).
Being an ERC-20 token, wBTC is compatible with Ethereum’s protocol, meaning you can now invest in those yield farms. Perhaps your dream of buying a Lamborghini with crypto gains might finally come true! (Disclaimer: this is not investment advice).
Just like you, many users want to move to other blockchains in search of
GIPHY App Key not set. Please check settings