According to a new report of the cryptocurrency data aggregator Token Terminal, roughly 50% of attacks on decentralized finance, or DeFi, protocols occur on cross-chain bridges. In two years, Hackers have stolen more than $2.5 billion by exploiting vulnerabilities in cross-chain bridges. The amount is huge compared to other security breaches such as DeFi lending hacks ($718 million) and decentralized exchange exploits ($362 million) in the same period.
Bridge exploits account for ~50% of all DeFi exploits, totaling ~$2.5B in lost assets
These hacks can typically be attributed to smart contract loopholes (eg Wormhole & Nomad) or compromised private keys (eg Ronin & Harmony).
What will it take to create secure bridges? pic.twitter.com/LrVf0W0zeK
—Terminal Token (@terminaltoken) October 18, 2022
Bridge exploits account for 50% of all DeFi exploits, with a total of $2.5 billion in lost assets.
These hacks can typically be attributed to loopholes in smart contracts (eg Wormhole and Nomad) or compromised private keys (eg Ronin and Harmony).
What is needed to create safe bridges?
Cross-chain bridges, which allow users to port digital assets from one chain to another, are known for their ability to solve multi-chain scaling issues. However, its complexity to build and subsequently audit, combined with massive amounts of funds locked in its smart contracts, has attracted a lot of attention from hackers.
Security experts, such as the CEO of Immunefi, Michael Amador, they explain that some developers in the DeFi space simply lack the knowledge to build such complex mechanisms:
“Many developers launch projects by simply copying and pasting code from other projects. When one of these projects has a vulnerability, others often do as well. Open source smart contracts, being visible and accessible to all, can easily attract blackhats who They study them, find out where they are vulnerable and attack them.”
It also appears that the vast majority of cross-exchange exploits that have occurred so far have taken place on the Ethereum Virtual Machine (EVM) blockchains. ANDThis includes the most serious incidents this year, such as the Axie Infinity Ronin Bridge hack, the Wormhole hack, and the Nomad Bridge hack.
Meanwhile, cross-chain bridges based on the Cosmos Interblockchain Communications (IBC) protocol, which has surpassed $1 billion in total value locked, have largely prevented the spearhead of attacks. Although, last week, Cosmos co-founder Ethan Buchman said that a major security vulnerability had been discovered in IBC following security audits. The exploit has been patched, and no funds have been lost as a result of the incident.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the full amount invested may be lost. The services or products offered are not aimed at or accessible to investors in Spain.