The founders of Ethereum have long warned about the risks of bridging blockchains. This is why Binance Smart Chain just had hundreds of millions of dollars in cryptocurrency hacked.
Each blockchain is developed individually with different rules and consensus mechanisms. Bridges in the crypto world are like bridges in the real world – connecting these isolated areas to transfer information and assets.
“Bridges between blockchains have inherent weaknesses in security,” Buterin warned Twitter in January.
In 2022 alone, the amount of cryptocurrency obtained by hackers through bridging attacks will reach $1.3 billion. A wormhole bridging attack occurred after early February, resulting in a massive $300 million loss. Ronin bridge hack cost Axie Infinity users over $600 million.
Just recently, on October 7, Binance continued to suffer a bridging attack. The extent of the damage is unclear so far, but blockchain security firm SlowMist estimates it to be around $600 million, comparable to the Axie Infinity hack and possibly the second-largest hack in history.
Vitalik Buterin’s warning
Bridges increase security risks, Buterin said, because the number of paths for hacking increases as assets move between different chains with different security protocols.
If users keep their ETH in the Ethereum blockchain, the security of the funds depends only on the mechanics of Ethereum.
However, since these ETHs are bridged to other blockchains, security now depends on the target chain and any bridging solutions for “bundling” and moving assets.
While individual blockchains use decentralized verification mechanisms, most bridges today involve intermediaries verifying transactions, with the aim of increasing speed and reducing costs. deal with. Axie Infinity’s Ronin Bridge is a prime example.
It also means that transactions on the bridge trust the operator, rather than “trust encryption” and decentralized security like the underlying blockchain. This is why many people suspect that some bowling cases have “insiders”.
The exchange of assets between different blockchains also makes the chains interdependent. If one chain in the connection is 51% hacked – the hacker takes over most of the verification process and can make/reverse transactions at will – the other chains will also be affected via the staking pool on the bridge.
Buterin noted that a 51% attack on a single blockchain is very difficult and expensive, and it would not make sense to perform such an attack to circulate a small amount of tokens on the bridge, Buterin noted. idea.
But the more it operates at scale, the more the bridge becomes an attractive object, as it acts as a liquidity pool containing many of the cryptocurrencies it is “bridging”.
The ethereum founder wrote: “Bridges are anti-system — fewer transactions are reasonably safe, but more transactions are riskier. This property is almost the opposite of the underlying blockchain — the bigger the chain, the harder it is Get. The more, the safer.
Despite numerous precedents and caveats, bridging attacks are likely to continue, according to a Chainalysis report on crypto hacks in the first half of 2022.