Blockchain bridges allow decentralized finance (DeFi) users to use the same tokens on multiple blockchains. For example, a merchant can use USD Coin (USDC) on the Ethereum or Solana blockchains to interact with decentralized applications (DApps) on those networks.
Although these protocols may be convenient for DeFi users, they are at risk of being exploited by malicious actors. For example, last year, the Wormhole Bridge (a popular crypto bridge between Solana, Ethereum, Avalanche, and others) was hacked, and the attackers stole more than $321 million worth of wrapped Ethereum (wETH), the largest hack in DeFi history at the time.
Just over a month later, on March 23, 2022, the Ronin Network bridge (Axie Infinity’s Ethereum-based sidechain) was hacked for over $620 million, and on August 2, the Nomad bridge was hacked for more than $190 million. In total, more than $2.5 billion was stolen from cross-chain bridges between 2020 and 2022.
Trustless bridges, also known as non-custodial or decentralized bridges, could improve the security of users in transfers between chains.
What is a blockchain bridge?
An interchain bridge is a technology that allows you to send assets or data from one blockchain network to another. These bridges allow two or more independent blockchain networks to communicate with each other and share information. The interoperability provided by cross-chain bridges makes it possible to move assets from one network to another.
Most bridging technologies use smart contracts on both blockchains to make cross-chain transactions possible.
Cross-chain bridges can move many assets, such as cryptocurrencies, digital tokens, and other data. Using these bridges makes it easier for different blockchain networks to work together and for users to take advantage of the unique features and benefits of each network.
Trusted vs. Trustless Bridges
When it comes to bridging protocols, there are two main types: centralized (trusted) and decentralized (trustless) bridges. Trusted bridges are managed by centralized entities that take custody of the tokens once they are transferred to the bridge. One of the main risks of custodial bridges is the single point of failure (the centralized custodian), which makes them an easier target for hacking attempts.
Instead of using centralized custodians to transfer tokens through blockchains, trustless bridges use smart contracts to complete the process.
Smart contracts are automated programs that perform certain actions once conditions are met. Because of this, trustless bridges are considered a more secure alternative, as each user retains custody of their tokens during the transfer process.
However, trustless bridges can be compromised if the smart contract code has vulnerabilities that are not identified and fixed by the development team.
Pascal Berrang, a blockchain researcher and lead developer of Nimiq, a blockchain-based payment protocol, told Cointelegraph: “In general, the use of cross-chain bridging introduces additional risks over using a single blockchain.”
“It increases the attack surface across blockchains, potential custodians, and smart contracts. There are various types of cross-chain bridges, which come with different trade-offs in terms of these risks.” And he continued:
“Inter-chain bridging naturally involves two or more blockchains, which often use different security mechanisms. Therefore, the security of bridged assets depends on the weaker blockchain involved in the bridge. For example, if one of the blockchains is attacked, it would be possible to reverse an interchain trade on one of the chains but not on the other, resulting in an imbalance of assets.”
Berrang also highlighted vulnerabilities related to the locking of assets on the bridge. “Funds are often stored or locked in a central location, constituting a single point of failure. Depending on the type of bridge, these funds are subject to different risks: In a smart contract-based bridge, failures in those contracts can cause bridged assets to lose their value,” Berrang explains.
“An example could be a bug that allows infinite minting of new bridged tokens. Bridges operated by trusted custodians are subject to counterparty risk if the custodians misbehave or have their keys stolen,” he added.
Jeremy Musighi, head of growth at Balancer, an automated market maker, believes that additional risks lie in the complexity of blockchain bridges, telling Cointelegraph that “cross-chain bridges carry several significant risks. Security is one of the greatest risks; due to the complexity and difficulty of implementing cross-chain bridging, they are prone to bugs and vulnerabilities that malicious actors can exploit to steal assets or perform other malicious actions.”
Musighi also noted that scalability issues pose other risks to the bridging process, stating: “Another risk is scalability, as cross-chain bridges may not be able to handle large amounts of traffic, leading to delays and higher costs for the users.”
Protect bridges against exploits
Developers can prevent cross-chain bridges from being hacked by applying various security measures that help ensure the confidentiality, integrity, and authenticity of transferred assets.
One of the most important measures is to ensure that the smart contract code that forms the core of cross-chain bridging is secure and free of vulnerabilities. This can be accomplished through regular security audits, bug bounty programs, and code reviews, which help identify and fix potential security issues.
Another measure that developers can take is to use cryptographic algorithms, such as digital signatures and hash functions, to secure the transfer of assets and information between different blockchain networks. This helps ensure that transferred assets are protected and that no malicious agent can interfere with the transfer process.
In addition, regular monitoring of the network is essential to detect suspicious activity and prevent attacks. By monitoring the network, developers can detect any security issues and take the appropriate steps to resolve them before they cause damage.
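One concrete form of this monitoring is a supply-invariant check: the wrapped tokens minted on the destination chain should never exceed the collateral locked on the source chain. The Python below is an added example, not code from the article or from any bridge project; the event format, the BridgeMonitor class and the alert names are hypothetical, and the sample events are constructed.

```python
from dataclasses import dataclass, field

# Constructed sample events, not taken from any real bridge:
# (chain, kind, transfer_id, amount)
SAMPLE_EVENTS = [
    ("src", "lock",   "t1", 100),
    ("dst", "mint",   "t1", 100),   # normal transfer
    ("src", "lock",   "t2", 50),
    ("dst", "mint",   "t2", 50),
    ("dst", "mint",   "t2", 50),    # same transfer minted twice
    ("dst", "mint",   "t9", 1000),  # mint with no lock behind it
    ("src", "revert", "t1", 100),   # source-chain reorg undoes a lock
]

@dataclass
class BridgeMonitor:
    locked: dict = field(default_factory=dict)  # transfer_id -> amount locked
    minted: set = field(default_factory=set)    # transfer_ids already minted
    locked_total: int = 0
    minted_total: int = 0
    alerts: list = field(default_factory=list)

    def observe(self, chain, kind, tid, amount):
        if (chain, kind) == ("src", "lock"):
            self.locked[tid] = amount
            self.locked_total += amount
        elif (chain, kind) == ("src", "revert"):
            self.locked_total -= self.locked.pop(tid, 0)
            if tid in self.minted:
                self.alerts.append(("lock_reverted_after_mint", tid))
        elif (chain, kind) == ("dst", "mint"):
            if tid in self.minted:
                self.alerts.append(("duplicate_mint", tid))
            elif self.locked.get(tid) != amount:
                self.alerts.append(("mint_without_matching_lock", tid))
            self.minted.add(tid)
            self.minted_total += amount
        elif (chain, kind) == ("dst", "burn"):
            self.minted_total -= amount
        elif (chain, kind) == ("src", "unlock"):
            self.locked_total -= amount
        # Core invariant: wrapped supply must never exceed locked collateral.
        if self.minted_total > self.locked_total:
            gap = self.minted_total - self.locked_total
            self.alerts.append(("undercollateralized", gap))

def run_monitor(events):
    monitor = BridgeMonitor()
    for event in events:
        monitor.observe(*event)
    return monitor.alerts
```

The per-transfer alerts point to the cause (a repeated or unbacked mint, or a lock reversed after minting), while the aggregate check still fires when the cause is something the per-transfer rules do not model.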
Finally, developing and deploying secure cross-chain bridging requires following best practices, such as secure coding practices, testing and debugging, and secure deployment methods. In this way, developers can help ensure the safety and stability of chain-to-chain bridges.
Preventing cross-chain bridges from being hacked requires a combination of secure code, cryptographic algorithms, strong consensus mechanisms, network monitoring, and following best practices.
Are trustless bridges a better solution?
Trustless bridges can provide a more secure solution for bridging assets across blockchains only if the smart contract code has been fully audited to ensure no vulnerabilities are present.
The main security advantage of trustless bridges is that users keep custody of their tokens throughout the process, and smart contracts take care of the transfer process. Also, the lack of a central authority that locks the tokens makes the bridges more difficult to attack, since there is no single point of failure.
Musighi told Cointelegraph: “In general, I find trustless bridges to be more secure than trusted bridges, as they operate transparently and rely on a decentralized network to validate and facilitate cross-chain asset transfers, whereas trusted bridges rely on a centralized third party, which means there is a single point of failure and a concentrated attack surface for hackers to target.”
“Trustless bridges are easier to audit and have the distinct advantage of minimizing trust. Since many centralized bridges also leverage (simpler) smart contracts, trustless bridges can be considered a less risky option but not without risk,” said Berrang.
As the decentralized finance space matures, developers must take additional steps to secure cross-chain bridges. However, as cryptocurrency users become more interested in self-custody and decentralization, trustless bridges may gain popularity.